The report claims that 60% of hacked WordPress sites stem from stolen session cookies. I sure didn’t see that one coming.