01 Feb 2018
Though it started out as a blog platform, WordPress has become one of the most popular tools to build websites. In fact, it’s estimated that there are around 75 million websites powered by the content management system. With such popularity, however, comes a big target.
Web security company Sucuri found that over 2,000 WordPress sites have been infected with a keylogger malware. Keyloggers record every stroke of the keyboard, allowing hackers to know everything you write on your computer, including web addresses and login credentials.
The primary function of the malware, called cloudflare.solutions, to inject a script that uses the server’s CPU power to mine cryptocurrency. Basically, the hackers hijack the server’s power to gain cryptocurrencies. It actually has nothing to do with Cloudflare, a content delivery network (CDN) and security booster for websites. It got its name because cloudflare.solutions is the domain name initially used to spread the malware, even though that domain has since been taken down. Other domains associated with the malware include cdjs.online, cdns.ws, and msdns.online.
If you want to check your website to see if it’s infected, look for those domains in your WordPress database and in the functions.php file of whatever theme you’re using. If you find it, remove the code, change the passwords to all users on the site, and make sure all themes and plugins are completely up-to-date. Once you’ve done that, make sure to add keyword encryption to your computer.