Sucuri Blog has released its quarter report on hacked website for 2016. The report only focus on the top 4 Contents Management System (CMS), which are WordPress, Joomla, Drupal and Magento. Wordpress continues to be the most infected ones, and most of it involves on plugins installed on the platform. Good thing is WordPress saw a 1% decrease in out-of-date core software and infected websites, while Drupal had a 3% increase. Joomla! and Magento website deployments continue to show the most out of date instances of any platform.
Full report can be accessed here : https://blog.sucuri.net/2016/09/hacked-website-report-2016q2.html