Wordpress has been revealed as the most attacked content management system in the latest Imperva Web Application Attack Report.
The report found websites running WordPress were attacked 24.1 per cent more than websites running on all other content management systems (CMS) combined.
It also found WordPress suffers 60 per cent more Cross Site Scripting (XSS) incidents than all other CMS-running websites combined.
The report is the result of Application Defence Centre analysis of a subset of 99 applications protected by Imperva's Web Application Firewalls (WAF) over a period of nine months, from August 1, 2013, to April 30, 2014.
It also found 48.1 per cent of all attack campaigns targeted retail applications, with financial institutions next in line at 10 per cent.
While PHP applications suffer three times as many XSS attacks as .NET applications.
Websites that have log-in functionality, and hence contain consumer specific information, suffer 59 per cent of all attacks, and 63 per cent of all SQL Injection attacks.
Imperva chief technology officer, Amichai Shulman, said, after years of analysing attack data and origins, one of the things the company proposed in this year's report was that attackers from other countries were using US hosts to attack because they were geographically closer to targets.
"As a result, the US generates the majority of the web application attack traffic worldwide," he said.
"Looking at other sources of attacks, we were also interested to find that infrastructure-as-a-service (IaaS) providers are on the rise as attacker infrastructure.
"For example, 20 per cent of all known vulnerability exploitation attempts have originated from Amazon Web Services.
Although, he said AWS weren't alone.
"With this phenomenon on the rise, other IaaS providers have to worry about their servers being compromised," he said.
"Attackers don't discriminate when it comes to where a datacentre lives."
Sign up for Computerworld eNewsletters.