WordPress, target of cryptocurrency miners

In previous episodes of WordPress News in Spanish, we have dealt with the issue that the popularity of WordPress has its good things and its bad things, we could call it the Microsoft effect, the most popular operating system for years and the one that has been attacked the most times. .

The same thing happens now with WordPress, and not only that the attacked installation is vulnerable, the official WordPress repository is vulnerable to economic interests and unscrupulous developers, who for certain amounts sell or rent their plugins for criminals to use them as a back door to take advantage Of WordPress users, we have already discussed several cases.

What is presented to us now is another form of cybercrime, the cryptocurrency miners.

The modus operandis is the same, search for vulnerable WordPress and modification of plugins in the official WordPress repository, the latter case, as Nilo Velez told me, detected a plugin in the repository that had been modified so that it could insert a script to do Call to an external server that was the one that executed the necessary commands to make the mining work on the visitors’ computers, being in this way very difficult to detect the infection in the compromised WordPress, despite the fact that it is fully updated.

How does it work

Cryptocurrencies are digital currencies that act as an alternative to traditional currency, such as bitcoins, litecoin, monero and some more.

Platforms have emerged that allow any user to register and take advantage of their visitors’ computers to generate cryptocurrency, what is called mining.

The registered user simply has to add a line of javascript on his website, in such a way that each visitor to his website gives up, without knowing it in most cases, the resources of his computer to act as a miner.

When “the victim” visits the web, his computer immediately begins to mine, the victim having a very poor performance in resources of his own computer, since he is working as a miner.

This is one of the ways to realize, if your computer, when visiting a certain website, lowers performance, it is possibly being used as a cryptocurrency miner.

But the other trend is that the bad guys, look for vulnerable WordPress to insert those lines of javascript in the WordPress victim to take advantage of the visits of the web and put to work any computer that connects to that web and turn them into miners.

The hacking techniques are varied, compromised ftps, vulnerable plugins, vulnerable WordPress or, as we mentioned, buying and selling popular plugins in the repository to include malicious code, or even compromised computers.

How to protect ourselves

We can use plugins such as Wordfence that detect malicious code, or firewalls that stop the attempt to inject code, or use hosting providers such as Host-Fusion.Com that scan users’ websites daily for vulnerabilities and apply patches to protect them, In addition to custom rules to avoid this type of attack, our servers also scan in real time all the uploads by ftp to prevent them from injecting malicious code.

Regularly scan our computers, with more than one antivirus to rule out possible infections.

And of course, always keep WordPress and its plugins updated and review the plugins that we use in the official WordPress repository, to find out if any user has detected something strange. Reviewing the support forums for the plugins we use is a good and recommended practice.

Today, at 7:00 p.m. Spanish time live and direct from this same post, we will talk about cryptocurrencies and miners.

In another order, we will report as usual, the latest vulnerable plugins, plugin updates, and news of WordPress 4.9

WordPress News in Spanish, every Tuesday and Thursday, at 7:00 p.m. live, with Antonio Postigo @hoystreaming and Pedro Santos @hostfusion

All the videos from previous programs are available in the WordPress News section in Spanish and also in our Podcast.

An original idea of Host-Fusion.Com your provider hosting para WordPress trustworthy and HoyStreaming.comYour digital window to the world.

20% discount on WordPress hosting at Host-Fusion.com