WordPress sites hacked for mining cryptocurrencies

hosting-servers-960px

You may have heard of Bitcoin and Litecoin, just two of the cryptocurrencies we find being used all over the world as an alternative to traditional coin, metals, and paper currency. But what you may not have heard is that WordPress websites are being hacked to be used a mining machines.

How does it work? WordPress and website hackers are embedding Javascript code served at Coinhive and other SaaS services to run through browsers.¬†Essentially, your PC may be taken over to run Javascript through web browsers that in turn use the computer’s processor.

Attackers may also use compromised FTP accounts, as well as work through hacked and fake admin accounts on WordPress sites.

We first heard of this through Wordfence, a popular security platform that detects and removes malware on WordPress websites.

Wordfence says the hackers easily exploit older, well-known security vulnerabilities such as the Gravity Forms exploit from 2016, but newer vulnerabilities are found every day.

The company reports that attack volume has been very low and unsophisticated so far, but that there is likely going to be an increase in as demand increases for cryptocurrency mining.

What can you do to protect your WordPress site from hackers?

Install Wordfence or other trusted security plug-in, make sure all your plug-ins and WordPress versions are up-to-date, and, be sure to update your passwords every so often using recommended character type and counts, including FTP and WordPress user accounts.

Comments are closed.