Could Your WordPress Site be at Risk of the CoinHive Hack

How to Check if Your WordPress Site has Been Infected With CoinHive Hacker

A common hack that we have seen throughout 2018 so far is CoinHive hacking. With cryptocurrency growing in popularity it is important for WordPress users to be aware that their site could be used to mine cryptocurrency.

What is the CoinHive Hack?

The trend of cryptocurrencies has resulted in online platforms being created to let webmasters install coin miners into their websites as a way of monetisation.  Cryptocurrencies are a digital alternative to traditional currencies.

CoinHive is a JavaScript library that is used to legitimately mine cryptocurrencies such as Dashcoin and Monero. The idea behind it is that it is a website owner embeds the miner into a website for their users to run in their browser and mine for them in return an incentive.

CoinHive is now one of the most common cryptocurrency hacks.  The hack infects websites to mine cryptocurrency from their visitors without the site owner or visitors being aware. This leads to incredibly slow WordPress sites and high CPU usage for visitors.

Why is WordPress a CoinHive Hacking Target?

Hackers are embedding the CoinHive miner into WordPress sites because it is an easy way for them to make cryptocurrency. A large portion of the internet is powered by WordPress meaning it is a prime target for CoingHive hackers.

CoinHive itself is a target because of how easy it is to use. Anyone can sign up for it which means that those using it may not be well versed in the appropriate security measures. It is said that cryptojacking will only continue to grow so users are being  encouraged to find out the appropriate security methods to take when investing in and working with various cryptocurrencies including CoinHive.

How to Check if Your WordPress Site has the CoinHive Hack:

The CoinHive hack is more subtle than other hacks. The most obvious symptom of the CoinHive hack is that your WordPress site will be extremely slow. This is because the slower it is the more money the hackers can make.

There are a few symptoms of the hack that you should look out for such as your visitors complaining of high CPU strikes when visiting your website. Alternatively you may see modified WordPress core files or legitimate scripts with illegitimate content.

The best way to check if your WordPress site has been infected with the CoinHive hack is as follows:

Open your website and right click anywhere to select “View Page Source”

Right click on homepage and view page source


Then search for the term CoinHive by pressing CTRL + F then typing ‘CoinHive’ into the search box in the bottom left.

Search CoinHive


If there is a CoinHive script running on your site it will look like this:

CoinHive Script




This image is courtesy of Sucuri. You can see the original image and article here.

Protect Yourself From the CoinHive Hack with CuroHosting

The best way to protect yourself from any type of hack is to have a fully secure WordPress website. This includes updating your WordPress core to the latest version, deleting unused themes and plugins and using a secure hosting service.

If you suspect your WordPress site may be infected with the CoinHive hack you need to act fast. The longer it takes for the website owner to pinpoint the problem the more money the hacker makes and the slower the WordPress site becomes.

You can request a free WordPress site clean from us here. We will remove all malware from your site, completely free of charge.

Did you find this article helpful? You may find it useful to learn how to protect your small business online or why you should install an SSL certificate.