The simplest one is: Because it exists and it is open source.

We are addressing the issue from both perspectives - WordPress and Joomla, as both CMSs are open source.

Last year WordPress released an update in which they announced that they had fixed a small security leak in the WordPress API. Within a few hours, 1.5 million WordPress sites were hacked through that leak because they were not updated immediately!

Because WordPress and Joomla! are open source systems the source code is open to everyone. So hackers can also browse around looking for weaknesses, leaks, and entrances that they can use to hack sites.

Many site owners think that their site runs little risk of being hacked.

„Why would anyone want to hack my site?
My site is not interesting for a hacker at all? „

Wrong.

That’s why:

Here are a few reasons why hackers - with all due respect - are also hacking „relatively simple sites”:

1. Hacking is done through automated scripts that search the internet (like the Google crawlbots) looking for websites with weaknesses in old CMS versions that they can abuse. Those scripts do not look at what kind of website it is. It goes massively.
2. Hackers are interested in the data traffic that is available with your hosting package. They use that traffic to run torrents, VoIP traffic and the like. They steal your available data traffic and sell it.
3. Hackers are interested in the space of your site on the server that is available with your hosting package. They use these to store all sorts of illegal files, including (child) porn. It will just be on your hosting account … And usually, you won’t even notice.
4. Hackers are also interested in hacking your contact forms and email account. This allows them to distribute large amounts of spam which is part of their business model.
5. Hackers place malware on your site, wrapped in an interesting offer for your visitors. When your visitors click on a link or button placed by the hackers (which therefore looks innocent), a virus is placed on the visitor’s computer from your website.
6. Hackers can steal visitors from your site by sending them in a fraction of a second to a porn site, a gambling site or a viagra site. Usually not the type of website you want to be associated with … It is embarrassing and leads to reputation damage.
7. Do you have a web store or a database on your hosting account that contains customer information? Well, your site is completely interesting for hackers, because such a database serves as a huge stepping stone for spreading their evil intentions and for harvesting Personal Data.
8. SEO Spam - Hacking legitimate websites and using them to position malware-distributing, scam websites is one of the most efficient ways for hackers to gain a good SEO rating for them.

These are the consequences when your site is hacked:

• Your site can be blocked by the hosting provider.
  
• You have to find and remove the virus.
  
• You have to update your site.
  
• You must restore a secure backup (if you still have one).
  
• You can incur high costs for traffic violations.
  
• You suffer image damage from the visitors of your site.
  
• It is possible that you can no longer have email.
  
• It is possible that the hack of your site also caused damage to other sites on the same server.
  
• Your website can be blacklisted by search engines which will ruin your SEO.
  

Fortunately, we have a way to help your site avoid becoming one of the statistics – SmartUpdater! A revolutionary way to automatically apply your Joomla and WordPress updates.

Not only can it keep your core CMS up-to-date, but it can also update your Themes, plugins, components, and modules. More information about our SmartUpdater and how it can help you can be found here on our site.

And it always comes at a very inconvenient time. 

If you already know how to do this, it is, in any case, a lot of work that can not wait and therefore has to be carried out immediately.

You MUST really update your site - immediately if an update is available - and prevent you from being hacked. And not only WordPress or Joomla itself. But also the plugins, extensions, and themes, because they also have their own leaks.

Otherwise, it is only a matter of time, for it to be hacked.