Jan, 2015 : CryptoPHP and other Malware Infects WordPress Themes


ahosting.net logo📅 - AHosting, a provider of high-performance CMS hosting, has released an advisory notice warning WordPress users that a large number of sites have recently been infected by malware such as CryptoPHP, including over 20,000 WordPress sites in the last month. AHosting has cautioned WordPress users to take care when using free themes in WordPress and to avoid using pirate premium themes at all costs.

Themes that do not originate from verified theme directories and developers can contain malware which puts sites and their users at risk. As a provider of CMS hosting, including WordPress hosting, AHosting is well placed to observe the current state of the free WordPress theme ecosystem. While there are many excellent free themes available from reputable sources, the company has concerns that users who are unfamiliar with the risks may be influenced to install themes that contain malicious code or spammy links.

“WordPress has created an inclusive platform that allows anyone to create a presence on the web,” commented Daniel Page, Director of Business Development at AHosting, Inc., “Criminals are taking advantage of inexperienced users by injecting malicious code such as backdoors into themes and plugins, then making them available online. We'd like to make users aware of the risks and point them in the direction of verified, safe resources for obtaining free themes.”

WordPress is hugely popular, which makes it a tempting target for online criminals. The easiest way for them to infect a site is to let WordPress users do it themselves. AHosting has strongly advised that WordPress users do not install free themes that they discover through search engines. Instead they should use recognized WordPress theme repositories or ensure that they obtain themes from reputable developers.

Over 20,000 WordPress sites were recently identified as being infected by the CryptoPHP malware, which inserts a backdoor into WordPress that allows online criminals to take control of infected sites. Online criminals continue to use this successful technique and WordPress users remain at considerable risk. The primary vector for CryptoPHP infection is free and pirate premium themes. The only safe way to deal with infections of this type is a complete reinstall of the content management system, which can cause serious disruption and lost revenue for site owners.

There are many thousands of free WordPress themes that are entirely safe to use. WordPress users should take all necessary precautions and ensure that, when installing a new theme, they are certain it originates from a trustworthy source.

About Ahosting:

AHosting is a managed web hosting provider with facilities in Orlando, FL, and Detroit, MI, owned and operated by AHosting, Inc., supplying hosting services that are truly beyond imagination. Since 2002, AHosting has established one of the web's premier solutions for specialized CMS hosting, including WordPress, Joomla!, and Drupal hosting; reseller web hosting, multiple IP hosting, dedicated servers, and VPS hosting. For more information, visit http://www.ahosting.net.

ahosting.net Reads: 998 | Category: General | Source: TheHN : The Hosting News
URL source:

Company: ahosting.net

Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!

Related news


📅 - AHosting Announces Stand Against Freebooting Of Video Creators’ Intellectual Property - AHosting, a provider of premium FFmpeg hosting for video makers, has affirmed its opposition to the increasingly common practice of re-uploading video maker's intellectual property to social media and video sharing sites in an attempt to deny creatives income and exposure from their work.

Freebooting, the name given to the practice by YouTuber Brady Haran, and publicized by other video makers, involves the downloading of popular video content from authorized distribution channels. The content is then uploaded to social media sites and other video sharing platforms, allowing the infringing party to benefit from the exposure and revenue generated by the content, and denying the content ...
📅 - AHosting Celebrates Eleven Years in the Web Hosting Industry - AHosting, a leading provider of CMS and FFmpeg hosting, will celebrate its eleventh year as a builder of specialized web hosting with peerless support this June.

The web hosting industry is highly competitive and AHosting's eleven years of success are a testament to the company's commitment to building strong and lasting relationships with its clients.

As the web evolved, so has AHosting, as it grew from a small generalist web host to a leading provider of specialist web hosting that creates performance optimized platforms for some of the world's most popular content management systems, including WordPress, Joomla!, and Drupal.

“We don't believe in a one-size-fits-all approach to web ...
📅 - AHosting Advises cPanel Site Software Users to Check WordPress Versions - AHosting, a provider of premium WordPress hosting, has advised users of cPanel's Site Software feature to check that any installed WordPress sites are at the most recent version.

The Site Software feature disables WordPress' core update notifications and automatic updates. Although Site Software will handle updates for WordPress sites installed using the addon, in some configurations those updates are not applied, leading to potentially outdated and vulnerable sites. Theme and plugin updates are not affected.

AHosting, which uses cPanel on its shared WordPress and CMS hosting plans, is concerned that server administrators may be unaware of unpatched WordPress sites running on their ...
📅 - AHosting Comments on Recent Google SSL Misconfiguration Warning - AHosting, a leading provider of specialized CMS and FFmpeg hosting, has responded to Google's revelation that 80% of websites have misconfigured SSL implementations by warning hosting clients that they risk missing out on search engine traffic if they don't properly configure their sites for SSL.

In a post published earlier this month on Google Plus, Google Webmaster Trends Analyst Gary Illyes revealed that 80% of HTTPS URLs that were eligible for entry in Google's search index were not included because the search engine company's crawlers could not locate the pages. When webmasters begin to provide SSL, many neglect to properly configure their sitemaps and canonical links to include the ...
📅 - AHosting Warns WordPress Users Of Remote Code Execution Vulnerability - AHosting, a leading provider of WordPress hosting, has released an advisory warning WordPress users to immediately update Linux servers in light of the recent discovery of the GHOST vulnerability.

Because of the publicity surrounding the GHOST vulnerability and WordPress, AHosting has observed that a small number of WordPress users misunderstand the scope of the vulnerability and mistakenly believe that by updating their WordPress installation, they remove the risk.

While WordPress can be used as a vector in the GHOST attack, it is not itself the cause of the vulnerability. The company wants to make it clear that only by upgrading the underlying server operating system can the risk of ...