WordPress sites are increasingly being infected with malware from pirated themes and plugins, as per a new report on WordPress security.
Security firm Wordfence published a report on threats and attacks targeting WordPress sites, with data gleaned from the 4 million customers that have its software installed.
The major threats facing WordPress sites fall into three categories:
- Malware from pirated themes and plugins
- Malicious login attempts
- Vulnerability exploits
Here’s a summary of key highlights from the report.
Malware From Pirated Themes & Plugins
The most widespread threat to WordPress security is malware from pirated (nulled) themes and plugins.
Wordfence detected more than 70 million malicious files on 1.2 million WordPress sites in the past year. Over 17% of all infected sites had malware from a nulled plugin or theme.
The WP-VCD malware was the most common threat to WordPress, counting for 154,928 or 13% of all infected sites in 2020.
When a plugin or theme is pirated its license…