In previous episodes of WordPress News in Spanish, we have dealt with the issue that the popularity of WordPress has its good things and its bad things, we could call it the Microsoft effect, the most popular operating system for years and the one that has been attacked the most times. .
The same thing happens now with WordPress, and not only that the attacked installation is vulnerable, the official WordPress repository is vulnerable to economic interests and unscrupulous developers, who for certain amounts sell or rent their plugins for criminals to use them as a back door to take advantage Of WordPress users, we have already discussed several cases.
What is presented to us now is another form of cybercrime, the cryptocurrency miners.
The modus operandis is the same, search for vulnerable WordPress and modification of plugins in the official WordPress repository, the latter case, as Nilo Velez told me, detected a plugin in the repository that had been modified so that it could insert a script to do Call to an external server that was the one that executed the necessary commands to make the mining work on the visitors’ computers, being in this way very difficult to detect the infection in the compromised WordPress, despite the fact that it is fully updated.
How does it work
Cryptocurrencies are digital currencies that act as an alternative to traditional currency, such as bitcoins, litecoin, monero and some more.
Platforms have emerged that allow any user to register and take advantage of their visitors’ computers to generate cryptocurrency, what is called mining.
When “the victim” visits the web, his computer immediately begins to mine, the victim having a very poor performance in resources of his own computer, since he is working as a miner.
This is one of the ways to realize, if your computer, when visiting a certain website, lowers performance, it is possibly being used as a cryptocurrency miner.
The hacking techniques are varied, compromised ftps, vulnerable plugins, vulnerable WordPress or, as we mentioned, buying and selling popular plugins in the repository to include malicious code, or even compromised computers.
How to protect ourselves
We can use plugins such as Wordfence that detect malicious code, or firewalls that stop the attempt to inject code, or use hosting providers such as Host-Fusion.Com that scan users’ websites daily for vulnerabilities and apply patches to protect them, In addition to custom rules to avoid this type of attack, our servers also scan in real time all the uploads by ftp to prevent them from injecting malicious code.
Regularly scan our computers, with more than one antivirus to rule out possible infections.
And of course, always keep WordPress and its plugins updated and review the plugins that we use in the official WordPress repository, to find out if any user has detected something strange. Reviewing the support forums for the plugins we use is a good and recommended practice.
Today, at 7:00 p.m. Spanish time live and direct from this same post, we will talk about cryptocurrencies and miners.
In another order, we will report as usual, the latest vulnerable plugins, plugin updates, and news of WordPress 4.9
WordPress News in Spanish, every Tuesday and Thursday, at 7:00 p.m. live, with Antonio Postigo @hoystreaming and Pedro Santos @hostfusion
All the videos from previous programs are available in the WordPress News section in Spanish and also in our Podcast.
An original idea of Host-Fusion.Com your provider hosting para WordPress trustworthy and HoyStreaming.comYour digital window to the world.