"Pirated Themes And Plugins Are The Most Widespread Threat to WordPress Sites"

Researchers at Wordfence found that pirated themes and plugins were the most common source of malware infections on WordPress sites in 2020.  The security firm said its malware scanner detected more than 70 million malicious files on more than 1.2 million WordPress sites in 2020.  The scanner also found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites. Of these 206,000 sites, 154,928 were infected with a version of the WP-VCD malware, a WordPress malware strain known for its use of pirated/nulled themes for distribution.  This particular malware operation was so successful last year that it accounted for 13% of all infected sites in 2020.  The researchers also found that 2020 was a massive year in terms of brute-force attacks. The researchers reported seeing more than 90 billion malicious and automated login attempts.  These attacks came from 57 million different IP addresses, most likely part of attack botnets and proxy networks, and amounted to 2,800 malicious login attempts per second against Wordfence customers.

ZDNet reports: "Pirated Themes And Plugins Are The Most Widespread Threat to WordPress Sites"