Fake WordPress plugins secretly mining cryptocurrency found by researchers

One important factor when it comes to developing a website is to use content management systems also called CMS. Now, we can build static websites or dynamic ones without CMS and still get the job done. However, it is much better to use a CMS if the website needs to be updated frequently. Now, one of the best CMS available out there right now is WordPress.

There are other CMSes too such as Joomla and more but you might not have even heard its names. However, we are here to tell you that WordPress is the best because it too has security problems.

WordPress is a CMS which lets you install plugins made by its own team as well as third-party developers. Now, WordPress’s own plugins are to be trusted by the same can’t be said for all plugins from third-party developers. Because there are chances you might get into trouble installing a plugin which might not be the safest. One such incident has come to our notice thanks to third party developers.

Researchers have found out that WordPress plugins were used to secretively mine cryptocurrency such as Bitcoin and more. A website security company named Sucuri found out that plugins are used to maintain access to compromised servers. So if you are not attentive, your website might be hacked in a matter of minutes through your server. Researchers revealed that these plugins were found with different names such as ‘initiatorseo’ or ‘updrat123,’

While the names are different for these plugins, their functionality is the same since they have a similar structure and header comments from the popular backup/restore plugin UpdraftPlus. Now, the best advice from us right now would be doing a thorough malware scan on your website to see if any suspicious plugins are there on your site or not.