Detect and remove Coinhive

WF support will no doubt chime in here, but in the meantime…

Coinhive itself is not the issue, it’s the mis-use of it by malware devs who install/run it without end-user permission that is the actual problem…. not something Wordfence or any other firewall should really deal with.

If Coinhive is installed on your website, you either installed it, or your site was hacked, and someone else installed it.

If the former, delete it and problem solved… if the latter, you have to deal with the way your site was hacked, not just that Coinhive was installed. (Because regardless of Coinhive, your site being hacked means you have a hole in it you need to plug – and that means your site can be compromised in many ways, not just mis-use of Coinhive!)

More info here >> https://www.theregister.co.uk/2017/10/19/malwarebytes_blocking_coin_hive_browser_cryptocurrency_miner_after_user_revolt/

• This reply was modified 7 years, 3 months ago by bluebearmedia.

Hi @dnorenberg
What was mentioned by @bluebearmedia is correct, regarding the second approach (that your website was hacked at some point when this script was installed), did you follow “How to Check if Your Site Is Infected With Cryptocurrency Mining Malware” section in this blog post?

Also, if this was the case, you must follow this guide as well to “Clean a Hacked WordPress Site using Wordfence“.

Thanks.

Or you can to clean file inside:
/wp-content/plugins/js_composer/js_composer.php

and delete:
/wp-content/plugins/js_composer/assets/js/jquory.js

Good luck!

• This reply was modified 7 years, 1 month ago by webstudius.