
New Imunify Protection Against WP-VCD

Apr 10, 2020 2:24:28 PM / by Dmitry Tkachuk




WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites. 

What’s more, this problem is getting worse. The chart below shows the number of WP-VCD infected sites per million WordPress sites: 


[Chart: WP-VCD infected sites per million WordPress sites]


How does WP-VCD infect so many servers?

Most servers get infected with WP-VCD malware when WordPress users install a free WordPress theme. They go to a site that offers “nulled” themes (premium themes modified to make them free), download one, install it, and unknowingly import a malicious payload hidden in the theme. 

Once activated, the malicious payload infects all the themes on a WordPress site, which means that even if the theme is removed, the site will still contain malware, and remain under the control of WP-VCD. 
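
Because the payload spreads to every installed theme, deleting the nulled theme does not clean the site. The Python sketch below is an added example, not Imunify's code or part of the original post: it hashes the PHP files under a themes directory before and after a theme install and reports changes in any theme other than the one installed. The directory layout, theme names and file contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot_themes(themes_dir):
    """Map 'theme/relative/path.php' -> SHA-256 for every PHP file under themes_dir."""
    root = Path(themes_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*.php")) if p.is_file()}

def diff_snapshots(before, after, installed_theme):
    """Return {theme: [(status, file), ...]} for changes outside the theme just installed."""
    findings = {}
    for rel in sorted(set(before) | set(after)):
        theme = rel.split("/", 1)[0]
        if theme == installed_theme:
            continue  # new files inside the theme being installed are expected
        if rel not in before:
            status = "added"
        elif rel not in after:
            status = "removed"
        elif before[rel] != after[rel]:
            status = "modified"
        else:
            continue
        findings.setdefault(theme, []).append((status, rel))
    return findings

def demo():
    """Constructed sample: two clean themes, then a simulated install that touches both."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        for name in ("twentytwenty", "storefront"):
            (themes / name).mkdir(parents=True)
            (themes / name / "functions.php").write_text("<?php // clean\n")
        before = snapshot_themes(themes)
        # Simulated install: a new theme appears AND the existing themes change.
        (themes / "free-premium").mkdir()  # hypothetical theme name
        (themes / "free-premium" / "functions.php").write_text("<?php // new theme\n")
        for name in ("twentytwenty", "storefront"):
            with open(themes / name / "functions.php", "a") as fh:
                fh.write("// PLACEHOLDER: line appended during install\n")
        after = snapshot_themes(themes)
        return diff_snapshots(before, after, "free-premium")

if __name__ == "__main__":
    for theme, changes in demo().items():
        for status, rel in changes:
            print(f"{theme}: {status} {rel}")
```

Any finding in a theme that was not part of the install means the whole themes directory needs cleaning, not just the theme that was added.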




Imunify employs a new approach to neutralize WP-VCD. 

WP-VCD malware doesn’t need a specific request to be activated. Any legitimate request made by a WordPress user will activate it. This means that traditional firewalls, which filter out specific requests, are useless in blocking it. 

Imunify360, however, employs a new approach to neutralize WP-VCD malware. During the installation of an infected theme, its Proactive Defense component identifies malicious code in files and skips the execution of that code. It then directs the files that contain malicious code to be cleaned by AI-Bolit. 

This means that Imunify360 won’t break the web site, even if malicious code is deeply hidden in the subroutines of a WordPress theme. 


How to enable this protection in Imunify360: 

  1. Log in to your hosting panel.
  2. Navigate to the Imunify360 plugin page.
  3. Click Proactive Defense in the top menu.
  4. Activate Kill Mode.


You can also activate Kill Mode in the CLI by running this command:

# imunify360-agent config update '{"PROACTIVE_DEFENCE": {"mode": "KILL"}}'


How effective is Imunify against WP-VCD? 

Very effective. On servers with Kill Mode enabled in Proactive Defense, the number of infections decreased by over 90%. The small percentage of remaining infections resulted from misconfiguration issues or outdated platforms. 

The chart below shows the number of WP-VCD infections per million sites on servers running Imunify360, before and after enabling Proactive Defense Kill Mode: 


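[Chart: WP-VCD infections per million sites on servers running Imunify360, before and after enabling Proactive Defense Kill Mode]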


Please share your feedback with us.

The Imunify product team would like to hear from you. To share your ideas, observations, and feature requests about the Proactive Defense module, please send them to us at feedback@cloudlinux.com.

If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify support team at cloudlinux.zendesk.com.


Topics: Imunify360, Advice, ProactiveDefence, Analytics

Written by Dmitry Tkachuk

Imunify Security, Product Manager
