Wordfence says it found malware originating from a pirated WordPress theme or plugin on 206,000 sites, accounting for over 17% of all infected sites.