When talking about Open Source it's hard not to focus on the main player, WordPress, which currently powers over 25% of the internet! Its success is largely based on its ease of setup and ongoing use: it's free to use, and there is a large community of support and plugins. It is also helped by the fact that most budget hosting packages will install it for you, meaning you can be up and running in minutes.
Whilst this is great, its success also makes it the largest target out there for hackers, who spend their time poking away at it in the hope of finding holes and chinks in its armour. Sites like wpvulndb.com catalog the latest exploits and make attacking a WordPress website that much easier.
An up-to-date WordPress site is actually very secure; however, the updates come thick and fast. Luckily, in 2013 WordPress introduced a feature in version 3.7 called background updating, which allowed users to have their site apply security updates automatically. Automatically updating sites can be risky though, and can potentially break other plugins or themes which are in use. Some users therefore choose not to update automatically and instead run the process manually as soon as they get the chance.
This is the window of opportunity hackers are looking for when a new exploit is discovered. One such exploit was recently discovered and led WordPress to issue a new update on 26th Jan 2017. Whilst the update was automatically applied to many websites, a huge number of sites remained unpatched and, as of today, an estimated 40,000 blogs have been attacked, affecting over 1.5 million pages!
Open source offers some fantastic benefits, especially for startups and budget-conscious projects, but in today's world, where anyone with a bit of knowledge can be a 'hacker' by using readily available online scripts, security needs to be a primary concern for any serious business.