Bitcoin pirate attacking multiple WordPress websites

Website owners often wonder how and why their website gets hacked. It likely has nothing to do with your type of business or even the amount of traffic you get. As we’ll see with this cryptojacking attack, sometimes it’s just a numbers game. We’ll take a look at the attack through the eyes of the hacker as well as a few of the victims.

Full disclosure – this is a fictional story based on factual research. Cryptojacking happens on a daily basis.

Meet our Hacker

Spring break couldn’t come soon enough for Echo. She wasn’t fitting in at her new school, she was bored and her mind was back home with her computer. Echo has been spending the past few months obsessing about computer hacking and is ready to give it a try.

She’s been scouring various hacker forums this morning, trying to plan her first attack. As a newbie, she knows she doesn’t want to push her luck too far. She wants to try something that is relatively easy, untraceable and hopefully earns her a little bit of cryptocurrency (another obsession of hers). Hours tick by as she looks for ideas… and then she sees it. Someone outlined a way to make website visitors mine the Monero cryptocurrency by placing a bit of JavaScript somewhere on the website. Something called “cryptojacking”. Bingo!

Echo knows enough code to follow the instructions, the tricky part will be getting admin access to the target’s WordPress dashboards to deploy the code. Hmm.. She clicks around a while longer and finds what she needs: a way to crawl the internet for WordPress websites and attempt a brute force login using a well known vulnerability. After a few hours of planning, Echo has everything she needs to build a long list of targets and launch her attack.

We’ll catch up with Echo in a later post, but this just blows my mind… A script kiddie can put this attack together within a few hours and start impacting websites on a massive scale. Our website blocks this exact login attack at least 7 times per day!

Echo’s Cryptojacking Victims

Let’s fast-forward one month. The attack has been in the wild for about four weeks and several websites have become infected with the cryptojacking malware. Echo is only earning $1-2 per day in Monero, but hey – she’s just a kid, it’s free money and that amount keeps increasing with each hacked website. More websites mean more miners and more miners mean more Monero. This why the goal of cryptojacking is to hack as many websites as possible. The content of the website doesn’t matter, it’s more about creating an army of mining zombies. So what happens to these zombies?

Sarah – Wedding Photographer
Unprotected WordPress Website

It’s been a busy first month since launching her photography website. Sarah is a self-starter with a keen eye for design, so she decided to create her website with a premium WordPress theme purchased from a reputable online marketplace. Sarah is a real smart cookie, but only a novice when it comes to WordPress maintenance and website security. She has never updated her WordPress software and has no backup system or security plugins installed. Sarah is a sitting duck!

As a result, Sarah has been infected with Echo’s cryptojacking malware for about three weeks and still has no clue. She’s been averaging about two thousand visits per day, but this number seems to be decreasing steadily for the past week. She assumes it’s part of a natural traffic cycle and moves on. In reality the lost visitors are due to anti-virus notifications alerting the visitor to potential malware on the website.

This doesn’t seem good…

Sarah’s hosting provider suspends the account due to the malware a few days later. The website is now inaccessible to the public and Sarah is in an absolute panic trying to resolve the issue with the host’s support team. The host isn’t much help, telling Sarah she must contact a web developer to clean the site before they can restore it. Ultimately, the experience ended up costing Sarah $1,850 and damaged the trust she had built with several of her new visitors.

Robert – Video Game Review Blog
Has a Backup System

Robert has a much better situation on his hands. His blog has been live for several years and has thousands of loyal subscribers. It was infected with Echo’s cryptojacking malware yesterday and one of his subscribers pointed it out to him almost instantly. After restoring the website from a clean backup, Robert just needed to change the admin passwords and re-post his latest game review. He felt a little violated from the hack, but all the experience really cost Robert was a few hours of time.

Janet – Family Law Firm
Has a Malware Scanner Plugin

After reading a blog post on WordPress security, Janet made the wise move and installed a security plugin. It’s a simple tool that scans the website once per day for any known exploits. Her website was infected two days ago and the tool sent an email to notify Janet. She sent the email to her developer, who easily located the malware and cleaned the website. Janet paid $375 to clean the website and harden the security against future attacks.

Your Website Visitors

While your costs as a website owner can be extreme, it’s also important to consider the impact cryptojacking can have on your visitors:

Desktop & Mobile

  • High CPU usage (up to 100%)
  • Slow system performance
  • Potential hardware damage if mining over a long-term


  • Significant shortened battery life

Protecting Your Website from Cryptojacking

We recommend partnering with a WordPress maintenance and security specialist for complete peace-of-mind. You’ll have a team of WordPress experts on hand to monitor your website for an affordable monthly rate. Have a look at our Pro package, which offers one free malware clean-up per month!

Keep your website safe

We offer monthly WordPress maintenance packages that do just that. From security monitoring to malware removal, we've got you covered!

See Plans

If your budget doesn’t allow for a monthly maintenance and security package, you can stitch a pretty basic WordPress security system together by combining a free backup and security plugin. We recommend the following plugins:

Protecting Yourself from Cryptojacking While Browsing

Most browser based ad blocking extensions and anti-virus programs are starting to check for cryptojacking malware, but the developers are always working to stay one step ahead. The easiest way to protect yourself is to close any unused browser tabs when you finish reading the content. Long-term mining sessions are a result of browser tabs being left open for long periods of time (ie. walking away from our desk; leaving a phone unlocked on your table).

That’s a Wrap

We’ve learned that cryptojacking WordPress websites is easy and can be achieved at massive scale with little to no experience or effort. That’s a scary thought! What’s worse is hackers like Echo are unlikely to get caught for this type of attack. Due to her anonymity, the resources required to catch her simply outweigh any damage Echo may cause. The onus is on the website owner to keep themselves and their visitors protected.

How are you keeping your website safe?

0 0 votes
Article Rating

Notify of
Inline Feedbacks
View all comments