Wordfence, the website application firewall (WAF) solutions provider for WordPress sites, said pirated plugins and themes were the most common source of malware infections. The malware scanner of the security firm has detected more than seventy million malicious files on at least 1.2 million WordPress sites in the last year.
The scanner has detected malware that originated from the nulled/pirated theme or plugin on at least 17% of the sites, i.e., 206,000 sites. Out of these, 154,928 sites were impacted by a version of WP-VCD malware. Legitimate sites have also been infected and attacked by other means.