wordpress bitcoin

Everywhere you look right now, there is talk about cryptocurrencies. Bitcoin, Altcoin, mining, exchange rates and blockchains are in the news every day. Every move on the cryptocurrency exchange makes headlines. Glancing at the rise of the Bitcoin over the previous year it is clear that the popularity of the currency has been exploding, even after it has reverted back to its November 2017 price after a sharp rise over December.

However, the popularity of cryptocurrency, and the lengths at which people will go to obtain them is causing the bandwagon to strain. To better understand this, you need to understand cryptocurrency mining and how that effects websites.

The Mining Process Explained.

There is no shortage of questions about how cryptocurrencies work. However, the one that is most commonly asked is, where do cryptocoins come from? This answer can become extremely technical, but in short, miners use powerful hardware to solve mathematical problems and in return are issued a certain number of cryptocurrency in exchange.

While this process sounds easy, mining can take a long time and is a computationally intense process, which requires a considerable amount of computer hardware, power and cooling resources, to run the processors required to successfully mine cryptocoins.

Mining Malware on WordPress.

Due to the popularity of cryptocurrencies, online platforms have appeared that allow website owners to use the CPU of their website visitors’ computers for mining purposes. Website owners simply sign up for an account and add some JavaScript to their site. These platforms include CoinHive, CoinImp, Adless and Crypto-Loot.

Off the back of these platforms, and fuelled by this intense demand, there has been a considerable surge in mining malware in the form of inserted JavaScript files found on third party websites, in particular the extremely popular CMS WordPress. Unlike legitimate platforms, this malware allows miners to mine for currency through a website visitors’ computer CPU, without the permission of the website owner.

Bitcoin Mining

What Will Mining Do To Your Website?

Mining for cryptocurrency has become increasingly more technical and difficult over the past couple of years. The biggest cost of this mining is by far the electricity costs, with the Digiconomist estimating that 60% of Bitcoin’s revenues are eaten up by electricity costs.

What does this mean to your website if it is being used to mine cryptocurrency? The main implication of mining malware will be to drastically reduce a website visitors’ computer performance. This can be put down to your visitors’ CPU resources being diverted towards the mining instead of running their core programs.

One recent example of this is from users of the torrent website Pirate Bay, where users were experiencing a spike in CPU usage when visiting their website. As it turns out, this was a direct result of Pirate Bay authorizing the installation of CoinHive, the JavaScript-based bitcoin miner to its homepage.

How to tell if your website has been hacked and how to fix it.

You may begin to suspect that your website has been infected with this malware when your website is loading slowly or at least abnormally slow compared to its normal rate, or JavaScript functionality on your website such as user login areas, have stopped working. Other indicators can include a higher bounce rate of website visitors due to the slow loading speed of your pages, and an increase in warning notifications on website effectiveness.

Once you suspect your website has been infected, one secure way to confirm this is through the free WordPress plugin, WordFence. It scans your site, looking for malware, spammy or dangerous URLs, DNS changes, and backdoors. As it scans, it analyses your core files, themes, and plugins, and compares them to the repository. If any discrepancies are noted, the plugin alerts you to take action.

It is paramount that you make sure you detect an infection quickly. If an attacker has managed to slip through your website’s defences then you need to be able react quickly to restore its safety quickly.


Ways to for website users to Prevent Hacking.

While the installation of Wordfence is a great way for website owners to ensure that your site is being routinely scanned for any malicious malware that may have infiltrated your plugins or script, there are other ways for website users to provide additional security from miners. These are best found in the form of browser extensions, such as the following:

  1. No Coin Extension

The quickest and easiest way to protect your computer from being used to mine cryptocurrency is by installing the extension, No Coin.  This simple-to-use extension is available to install for Chrome, Firefox and Safari with the sole purpose to get rid of the mining code that’s infiltrated the back end of your page. While the extension is currently focused on the most popular CoinHive miner, you would assume that this will be expanded in the future to include other mining applications.

  1. MinerBlock Extension

MinerBlock is another open source extension aimed at blocking cryptocurrency miners from websites. Like No Coin, it blocks the popular miner, CoinHive, along with some other smaller mining applications.

It tackles this in two ways, with the first being the blocking of requests loaded from a blacklist of miners (a traditional approach used by a majority of ad and mining blockers). Secondly, it identifies any possible mining behaviour inside loaded scripts and kills them immediately.

  1. Block coin mining domains in hosts file

Using the hosts file to block coin mining domains is a popular option, whereby a list of domains is added to the hosts file, which then redirects these to localhost. This redirection prevents your computer from being able to go to the domain, preventing the coin mining from occurring. While quite a manual process, it’s also highly effective and easy to implement.

  1. Block domains in Ad Blocker

Our final listed option is using the free browser extension Adblock Plus which automatically blocks certain ads. Users can also create customised blacklists and whitelists, which they can use to block all ad content from selected websites, such as currency mining domains.

Importance of backups and updates.

One of the easiest ways that your website can be attacked is through old versions of plugins, website themes, and WordPress itself. The newer versions will often have fixes for security issues identified in its code, so simply by regularly updating all components of your site, you are taking one very crucial step in defending yourself from an attack.

Creating a WordPress backup can often be something that falls by the wayside, however it should be considered as website insurance in case it falls victim to mining malware. Setting up scheduled backups should be considered as an essential part of your WordPress security plan.

If cryptocurrency mining malware does infect your website, having numerous backups to upload will be essential to ensuring that minimal data is lost or damaged in the process.

Do you think your website has been infiltrated by malware and need help? Contact one of the professionals at Living Online today.