Nexcess Warns WordPress Hosting Clients Of Cryptojacking Threat


Nexcess has warned WordPress hosting clients of the threat posed by cryptojacking attacks, which use compromised WordPress sites to mine cryptocurrencies such as Monero by hijacking the resources of visitors’ computers.


Nexcess, a leading provider of performance-optimized managed WordPress hosting, has warned WordPress hosting clients of the threat posed by cryptojacking attacks, which use compromised WordPress sites to mine cryptocurrencies such as Monero by hijacking the resources of visitors’ computers.

Cryptojacking is a recent motivation for attacks against WordPress sites. Since the middle of last year it has become more common. The attackers inject malicious JavaScript code into compromised WordPress sites. The code, often the Coinhive mining script, runs in the browsers of site visitors, using their resources to mine cryptocurrencies. It has been estimated that 1,000 compromised WordPress sites could mine several thousand dollars’ worth of cryptocurrency each month, giving criminals a strong incentive to target WordPress sites.

“Cryptojacking is easy money for online criminals, so we expect to see an exponential increase in the number of attacks and in the sophistication of the malware this year,” commented Chris Wells, President and CEO of Nexcess. “WordPress hosting clients should be aware of the risk and the steps they need to take to avoid exposing site visitors to resource hijacking that generates revenue for organized crime.”

In recent months, several variants of this attack have been seen. Last year, criminals began exploiting known vulnerabilities in out-of-date WordPress sites to inject cryptojacking malware. Earlier this year, a large botnet was used in brute-force attacks against thousands of WordPress sites, injecting cryptojacking code on sites with poorly chosen passwords. Last month, the popular accessibility plugin Browsealoud was compromised in a supply-chain attack against WordPress sites: the cryptomining malware was added to the plugin and distributed to WordPress sites when it was installed or updated.

To reduce the risk of a successful cryptojacking attack against their site, WordPress site owners should follow basic WordPress security protocols. Sites should be updated to install security patches. Two-factor authentication should be used to defend against brute-force attacks. WordPress users should be cautious when installing plugins and use malware scanning software to check for the presence of cryptomining code.

As a provider of WordPress hosting to thousands of publishers, bloggers, and eCommerce retailers across the US and Europe, Nexcess would like to raise awareness of the increasing prevalence of this type of attack against insecure WordPress sites and urge site owners to take the basic security precautions necessary to protect their sites and users.

About Nexcess

Nexcess is a Southfield, Michigan-based managed application hosting company founded in 2000, with data centers in the United States, Europe, and Australia. Nexcess offers application hosting services for Magento, WordPress, WooCommerce, Craft CMS, ExpressionEngine, and OroCRM, ranging from entry-level packages to custom clustered/complex hosting configurations, with an emphasis on achieving maximum performance for high-traffic sites. For more information, visit http://www.nexcess.net.


Contact Author

Chris Wells
Nexcess
+1 866-639-2377