April Fool’s Day – TYPO3 Overtakes WordPress as Most Attacked CMS Due to Popularity

April Fool's Typo 3

Disclaimer: This is an April Fool’s Day blog post and not all the information below is accurate. If you are looking for updated information on CMSs and malware families, access our latest Website Hack Trend Report.

It all started with a Twitter Poll we put out a couple of weeks ago, trying to find out what is the most used CMS by our customers. We added the usual suspects in the poll options; WordPress, Joomla, Drupal. We casually added an “Other” option, just in case someone was using a rare CMS out there, then asked for comments.

The results made us look deeper into the situation. Realizing that votes for Joomla and Drupal were under 3%, while WordPress comprised 46% of total voters, made us wonder of what “other” CMS entities out there were not correctly credited for their fair share of the pie. Looking at the 60 comments we received on the poll, we discovered that TYPO3 had a very strong community:


Hacked Website Trend Report

Shortly afterward, we amended our 2018 Hacked Website report. On closer inspection, we discovered that TYPO3 had overtaken WordPress as the most popular CMS seen in our malware removal requests. Keep in mind that these numbers reflect how popular Sucuri seems to be in the TYPO3 community. It doesn’t infer anything negative regarding the security of the platform itself.

We have started to receive more clean up requests for Typo3 websites as the CMS pops up much more frequently. It makes sense–attackers will target the most popular platforms.

CMS Distribution Statistics

All those votes on our poll with users asking for the rightful position of TYPO3 to be acknowledged were right.

According to official sources, TYPO3 has actually overcome WordPress as the leading CMS in the World.




The rapid rise of TYPO3 has taken the CMS community by storm. When you consider how friendly and engaged the TYPO3 user base is, it makes a lot of sense.

All TYPO3 users who use our services can rest assured that they receive the same level of protection that we provide for all other CMS applications.

You May Also Like