Pirated themes and plugins are the most widespread threat to WordPress sites

Pirated themes and plugins are the most widespread threat to WordPress sites
Wordfence says it found malware originating from a pirated WordPress theme or plugin on 206,000 sites, accounting for over 17% of all infected sites.

Pirated (aka nulled) themes and plugins were the most common source of malware infections on WordPress sites in 2020, according to Wordfence, a provider of website application firewall (WAF) solutions for WordPress sites.

The security firm said its malware scanner detected more than 70 million malicious files on more than 1.2 million WordPress sites in 2020.

"Overall, the Wordfence scanner found malware originating from a nulled plugin or theme on 206,000 sites, accounting for over 17% of all infected sites," the company said on Wednesday.

Of these 206,000 sites, 154,928 were infected with a version of the WP-VCD malware, a WordPress malware strain known for its use of pirated/nulled themes for distribution.

Wordfence said this particular malware operation was so successful last year that it accounted for 13% of all infected sites in 2020.

This website uses cookies

We use cookies to customize content and ads, to provide social media features, and to analyze traffic. We also share information about your use of our site with our social media, advertising and analytics partners who can combine them with other information you have provided or collected from using their services.
I accept all cookies I accept the selected Cookie settings I do not accept