Sucuri have released a very interesting website security report detailing their analyses of 11,000+ systems made up largely of WordPress, Joomla! and Magento. These three systems make up a significant proportion of the world’s 1 billion websites, in fact over one third of the world’s websites are powered by either Wordpress, Joomla!, Magento or Drupal.
In almost all instances, the security compromises found were the result of improper deployment, configuration, and overall maintenance by the webmasters and their hosts. Most issues were due to outdated non-core extensions which had available updates solving the security issue that were never applied.