X
    Categories: Security

WordPress Self-Hosted Websites Hacked Due to Slider Revolution Plugin Vulnerability

While people are still bombarded with the recent Sony security breach, more than 100,000 self-hosted WordPress websites are reported to be infected by a SoakSoak.ru malware due to a critical security vulnerability in a plugin installed on those websites: Slider Revolution, and Google has already blacklisted more than 10,000 sites being infected by the malware. The vulnerability allows hackers to download wp-config.php file and if successful, then hackers will have full access to the compromised web site, then hackers can upload files to the site, inject JavaScript and malware so it can infect more sites. According to Sucuri Security who reported this vulnerability in September to the public, the vulnerability was discovered in February and was only patched silently by the developers without notifying the public (because the company was afraid the exposure of the vulnerability will cause more sites being hacked, what a naive thought!)

Why so many sites are infected?

WordPress has evolved from a pure blogging platform to a popular and full-blown content management system (CMS), and many people are making business out of it. By using the power of WordPress plus paid plugins, such as Slider Revolution, and premium themes, people without programming skills can design web sites for companies. Apparently, Slider Revolution is a popular paid plugin and many web site developers have purchased this plugin to add photo slide effect. What is worse is that this plugin has also been bundled in many premium themes. Although the directly purchased plugin can be automatically updated to patch any security vulnerability, the one bundled in themes must be updated by the theme developers. But because the developers of Slider Revolution decided not to expose the security vulnerability to the public, those theme developers were not aware of the risk and didn’t update the bundled themes.

How do I know if my site is infected?

Sucuri Security has released a free scanner that can scan your web site to let you know if you web site is infected or not. Check your web site with Sucuri SiteCheck.

What if my site is infected?

Honestly, it is very hard to clean the malware, because it is injected on every page of your site. Even you manually cleaned the code, you still need to deal with the backdoors that hackers have installed on your site. So I would honestly suggest you to do a full restore of your site from your backup. You do regularly back up your site, do you?

Jeffrey:
Related Post