US security firm Sucuri has detected that nearly 5,500 sites managed through the popular CMS WordPress have been contaminated with a malicious cryptojacking script loaded from the cloudflare.solutions domain (which, it should be noted, has nothing to do with Cloudflare). This keylogger can record every keystroke made by the user and can also be used to install a cryptocurrency miner.
Any WordPress sites set up as online retail platforms are particularly vulnerable to this exploit, which also gives attackers the chance to harvest personal and financial data. Most of the affected sites belong to small to medium-sized businesses, companies that presumably have limited security or development resources.
These attacks on WordPress have been occurring regularly since April, each time using new techniques – keylogging being the latest. Sucuri lists a series of steps users should take to mitigate this incursion, the simplest and most important being to change passwords.
More than a quarter of the world’s websites run on WordPress, making the content management system a very popular target for hackers.
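One way to check page or template source for script tags that load from the cloudflare.solutions domain named above, without flagging genuine Cloudflare hosts. This is an added example, not code from Sucuri or the original article; the sample HTML, its paths and the `cdn.` subdomain are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the article; everything else below is constructed for illustration.
FLAGGED_DOMAIN = "cloudflare.solutions"


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def host_matches(src, domain=FLAGGED_DOMAIN):
    """True if src's host is the domain or a subdomain of it (whole-label match)."""
    # urlparse also resolves protocol-relative URLs ("//host/path") to a hostname.
    host = (urlparse(src).hostname or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def find_flagged_scripts(html):
    """Return script URLs in html that load from the flagged domain."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    return [s for s in collector.sources if host_matches(s)]


# Constructed sample page: two flagged scripts (one protocol-relative, one on a
# constructed subdomain in upper case) and two references that must not match.
SAMPLE_HTML = """
<html><head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="//cloudflare.solutions/ajax/libs/example/placeholder.js"></script>
<script src="https://example.com/js/cloudflare.solutions.js"></script>
<SCRIPT SRC="HTTPS://CDN.CLOUDFLARE.SOLUTIONS/placeholder.js"></SCRIPT>
</head><body>shop</body></html>
"""

if __name__ == "__main__":
    for url in find_flagged_scripts(SAMPLE_HTML):
        print("flagged:", url)
```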