Cryptocurrency-mining Malwares are threatening WordPress Websites

With the arrival of new technologies there is increasing number of speculators who are trying to turn the benefits of these technologies into their own favour. This is valid also for cryptocurrencies. Apart from the common hacker attacks on bitcoin wallets and crypto exchanges, ordinary website visitors are becoming victims of attacks too. They often don’t even realize that they are unwillingly participating on bitcoin, monero coin (or any other cryptocurrency) mining process for the benefit of someone else.

This is possible thanks to a malicious malware for crypto currency mining that is injected to the website by an attacker.

How the visitor becomes zombie miner

The crypto currency mining as such uses the computing power of computer hardware (especially processor and graphic cards) for mining of so called blocks of the particular cryptocurrency. As the mining process is very demanding in terms of performance and electricity consumption, the cyber criminals invented a way how to shift the substantial part of the performance requirements and costs to the shoulders of unsuspecting victims.

As soon as the mining JavaScript is incorporated to the website, immediately after the page is loaded, the visitor lends its own computing capacity for cryptocurrency mining. The hidden stealing of performance then takes place during the entire time of the website visit.

Why are WordPress websites vulnerable to misusage?

WordPress is an open-source platform that uses many add-ons, widgets and third-party plugins for enhancing its functionality. The installation of little known addons can cause website infiltration by malicious code – including the mining malware. As we already mentioned, such malware can be well hidden, therefore often even the website owners aren’t aware that their website was hacked. And usually the web visitors notice it earlier than the web owners.

Free WordPress templates can also be problematic, especially if they don’t come from reliable sources (like WordPress.org). The risk is that the malicious code can already be bundled into the template itself. Ultimately what this means is that it is quite hard to find a solution for bitcoin mining malware removal.

How to protect your WordPress website against the crypto mining malware

1. Choose a Premium WordPress theme
You need to be extremely cautions when deciding for a free WordPress theme, the safest option is to install one of the Premium templates. It’s true that even the Premium theme cannot guarantee that the crypto mining malware would never infect the website, but at least you can be sure that the theme source code is absolutely ok after fresh download of the theme. No hidden traps.

2. Think twice what third-party plugins to download
Plugins are a natural part of WordPress templates and almost none of the themes can provide all the needed features without any plugins. Today, however, plugins are developed by many developers and can be of various quality, as well as can provide different level of security. Malicious code can either be built into plugin directly, or due to low security level, plugin can be used for website infiltration later on. Furthermore, another risk relates to the theme author. If the author is a single developer, he/she can stop working on the plugin updates anytime. Out-of-date plugin is then a time bomb for the website.

3. Perform regular updates of your WordPress theme
Regular updates can secure your theme against the malware (this is one of the best WordPress malware protection). Updates prevent the whole bunch of security issues as they respond to the latest cyber threats and fix potential security holes.

4. Do not click on suspicious attachments
The threat of malware or ransomware is often hidden in unsolicited emails and dubious attachments. Therefore it is better not to open such messages and rather delete them immediately.

5. Check the network usage
One of the fastest ways how to detect that the website has been attacked by the cryptomining malware is to check the CPU usage. In case that the CPU load is too high and there is no program or application running on the background that could legitimately cause such high CPU usage (e.g. photo/video editing software, graphics rendering software etc.), it is very likely that the computer got infected.

Not sure what to do next?

I provide a WordPress maintenance service that means you can get on with your business while your website remains secure against this threat, and the many more that will be sure to follow. Check out out service here

This article was originally published by AitThemes.club