Pirated themes and plugins are the most widespread threat to WordPress sites – ZDNet

Wordfence says it found malware originating from a pirated WordPress theme or plugin on 206,000 sites, accounting for over 17% of all infected sites.

Pirated (aka nulled) themes and plugins were the most common source of malware infections on WordPress sites in 2020, according to Wordfence, a provider of website application firewall (WAF) solutions for WordPress sites.
The best web hosting services
We take a look at some of the best web hosting providers and help you understand how to choose the best for your needs.
Read More
The security firm said its malware scanner detected more than 70 million malicious files on more than 1.2 million WordPress sites in 2020.
“Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites,” the company said on Wednesday.
Of these 206,000 sites, 154,928 were infected with a version of the WP-VCD malware, a WordPress malware strain known for its use of pirated/nulled themes for distribution.
Wordfence said this particular malware operation was so successful last year that it accounted for 13% of all infected sites in 2020.
But WordPress sites also got infected with malware via other means beyond pirated themes. Legitimate sites also got attacked and infected. Other methods through which these sites got hacked included brute-force attacks against login forms and the use of exploit code that takes advantage of unpatched vulnerabilities.
All in all, 2020 was a massive year in terms of brute-force attacks. Wordfence reported seeing more than 90 billion malicious and automated login attempts.
These attacks came from 57 million different IP addresses —most likely part of attack botnets and proxy networks— and amounted to 2,800 malicious login attempts per second against Wordfence customers.
To mitigate these attacks, Wordfence recommended that site owners either deploy a WAF or enable a two-factor authentication solution for their accounts.
On the vulnerability exploitation front, things were just as bad, with Wordfence reporting more than 4.3 billion exploitation attempts over the past year.
The most common form of vulnerability that attackers exploited last year was “directory traversals,” a type of bug that threat actors try to abuse to read files from WordPress installations (such as wp-config.php) or upload malicious files on a WordPress site.
Other exploitation attempts also relied on SQL injection, remote code execution bugs, cross-site scripting issues, or authentication bypasses, Wordfence said.

PHP Everywhere code execution bugs impact thousands of WordPress websites

FBI warning: Scammers are posting fake job ads on networking sites to steal your money and identity

Learn to navigate the most common personal and business tax forms for $30

Samsung Galaxy S22: How to preorder and get the best deal

‘We are building one of the most modern networks in the world’. How Vodafone Australia changed its 5G plans after the Huawei ban

Linux malware attacks are on the rise, and businesses aren’t ready for it

Tech workers are quitting. Pool tables and perks won’t be enough to stop them

Hue and Govee: Take smart lighting to the next level

10-Gigabit internet: Coming to your home and office within the decade

Please review our terms of service to complete your newsletter subscription.
You agree to receive updates, promotions, and alerts from You may unsubscribe at any time. By joining ZDNet, you agree to our Terms of Use and Privacy Policy.
You agree to receive updates, promotions, and alerts from You may unsubscribe at any time. By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.
© 2022 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use


Leave a Reply

Your email address will not be published. Required fields are marked *