Do you use the RevSlider (Slider Revolution) plugin? Did your theme add this plugin to your WordPress dashboard? This plugin has a significant flaw that can expose your WordPress site to attacks!
Once a hacker gains hold of your WordPress website, they carry out all kinds of illegal activities. They steal your clients’ identity and payment information, or sell drugs and illicit goods on your site. They also redirect your clients to their own malicious pages.
You’re going to lose visitors and business. Your AdWords account on your blog will be suspended. Plus, if they find malware, Google will blacklist your website and your web host will suspend your account.
Today, we’ll address the WordPress RevSlider hack in depth. We’ll show you what you can do to keep hackers out and keep your site secure. You can also learn how to fix a website that has been compromised.
TL;DR: Install MalCare right away if your WordPress website has been compromised through the Revolution Slider plugin. It will scan your website to find the hack or any other malware that is present. Once MalCare identifies the hack, you can clean your site in less than a couple of minutes.
What is Slider Revolution?
Slider Revolution, also referred to as RevSlider, is an innovative WordPress plugin developed by ThemePunch. It helps you add sliders and carousels, hero headers, special effects, and content modules to your site.
It lets you do all this without any coding background. It is easy to create a simple gallery or a beautiful, responsive WordPress website. This plugin is therefore trusted by 7 million users worldwide!
The RevSlider Exploit: What Happened?
Over time, three exploits have been developed for RevSlider, among them an XSS (cross-site scripting) vulnerability and a mass shell upload exploit. Here we concentrate on the most significant weakness, discovered in the RevSlider plugin back in 2014: the WordPress SoakSoak compromise.
How serious was the RevSlider hack, then? Hackers could gain full access to a website, break into databases, and inflict irreparable damage. Among a long list of malicious actions, they use the site to steal sensitive information, defraud clients, and market counterfeit goods!
This category of vulnerability (SoakSoak) is known as Local File Inclusion (LFI). It allows remote downloads of arbitrary files and uploads of arbitrary files. This means that an intruder can access a local file on the server, view it, and download or upload it.
Here is an example to show you how remote attackers can download a file.
If Slider Revolution was installed on a website called example.com (plugin versions 4.2 and below), a hacker could download the config file. They would do so by requesting the following URL:
http://example.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
This shows the hacker your wp-config file, which contains your database credentials in plain text. The file is not encrypted, so anyone can read it just as you are reading this post.
In this manner, the hacker might remotely delete any file from the website’s directories. They could also install and use a PHP file to manipulate user privileges and obtain administrator access.
ThemePunch patched the RevSlider exploit secretly to avoid making the flaw public and encouraging hackers to attack millions of sites. Yet this caused still further problems.
The RevSlider Exploit: Where did things go wrong?
ThemePunch immediately but quietly issued a patch after finding the flaw. Based on advice they received, they made no public statement.
If you bought the slider plugin directly from them, it has an auto-updater. So, when version 4.2 was released with the patch, the plugin would have been updated automatically, without any action from you.
However, there are over 7 million installations of the plugin. Several WordPress themes sell it as part of their bundles. It is also available in marketplaces like CodeCanyon. If you bought this paid plugin from one of these marketplaces, or if it was integrated in one of the WordPress themes, you would not have received the update. You would also have had no notice of the need to upgrade it.
This is where things went wrong. Eventually, the flaw was made public and was successfully exploited. But several site owners received no warning or notice about the RevSlider exploit.
Here’s how you can fix it if the RevSlider vulnerability has led to a compromised website.
How to Fix a Website Hacked through Slider Revolution Exploit
We explained earlier that hackers are able to obtain access to your server during a WordPress RevSlider attack. They can read the wp-config.php file, which contains your database credentials. They can even download arbitrary files and steal your website’s content. In addition, they can create fake admin accounts on your website and install backdoors.
Attempting to clean a compromised site on your own will prove futile. Hackers disguise their malware cleverly, or conceal it from you. It is not only hard to spot, but the malware is also common. Other than being accessible, we find that there are no other advantages to the manual approach. You can consult our guide on how to fix a compromised WordPress site if you want to try it.
What we DO suggest is to clean the site using a WordPress security plugin. We have chosen the MalCare Security Plugin today to show you how to get rid of a hack. This is the reason why:
- It can detect malware even if it’s concealed or masked. MalCare examines the code’s behaviour, and this lets it decide whether or not the code is malicious.
- MalCare performs a deep scan of the WordPress site. This covers both files and databases.
- If ransomware is present, you are shown a notification of how many corrupted files were detected.
- Although it can take hours or days for some WordPress plugins to clean a site, MalCare has an option to auto-clean the website. It takes a couple of minutes.
How to Use the MalCare Security Plugin
Setting up MalCare on your WordPress site is quick and takes only a few basic steps:
Note: Contact our team or use our emergency cleaning services if you are unable to reach the WordPress account and are unable to update the plugin.
- Install MalCare on your website.
- Attach the dashboard to the site.
- The deep scan will run automatically until completed. If you are still a MalCare customer, visit Protection > Search Site on the dashboard.
- Once malware is detected, you’ll see a prompt.
- To start the cleaning process, you can select ‘Auto-clean’.
- It will take a couple of minutes and once it’s over, you will get a notification. We suggest visiting your website to check that everything is normal.
If you need to handle numerous websites, MalCare is also incredibly useful, because you can connect all of them to a single dashboard.
This kind of Local File Inclusion (LFI) attack exposes sensitive information like your database credentials. So, after cleaning your site, we suggest a few more measures.
After Care for RevSlider Exploit Attack
To ensure that your website running Slider Revolution is secure from potential attacks, we recommend you take these steps:
- Update to the latest version of the Slider Revolution plugin.
- If you have a WordPress theme package that includes Slider Revolution, contact the theme developers to ensure they upgrade the plugin for you.
- Access your wp-config file and change your database password. You need to do this manually, via cPanel or FTP.
- Check the list of WordPress plugins and themes that you’ve installed on your site. Remove anything that you don’t recognize or no longer use. Scan the themes and plugins on your website periodically as well.
- On your WordPress dashboard, review the user profiles. Remove any that you don’t recognize.
- Change all user account passwords.
- Implement the recommended WordPress hardening steps.
- Run daily penetration checks on the WordPress site. For this, you should use Kali Linux.
Preventing an Exploit of RevSlider’s Vulnerabilities
If you use the RevSlider plugin, you need to upgrade it right away to keep your site from being hacked! Ensure that the latest version of Slider Revolution is running on your WordPress site.
If you do not see an upgrade button on your WordPress dashboard, you will need to uninstall the vulnerable version and reinstall the latest one. Alternatively, contact the developers for guidance on how to upgrade the plugin.
If you are using a WordPress theme package, check whether Revolution Slider is included in the bundle. Most WordPress theme bundles have auto-updaters. If you need assistance upgrading, contact your theme’s support staff.
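Copies bundled inside themes are the ones that miss updates, so it helps to list every copy on disk together with its version. The following is an added example, not code from the original article or from ThemePunch; it assumes the plugin’s main file is named revslider.php and carries the standard WordPress plugin header, the function names are hypothetical, and the first fixed version is a parameter to be taken from the vendor’s changelog.

```python
import os
import re
import sys

# WordPress reads plugin headers from the first 8 KB of the main plugin file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.M | re.I)

def parse_version(header):
    """Return the plugin version as a tuple of ints, or None if not a plugin file."""
    m = VERSION_RE.search(header)
    if not m or not NAME_RE.search(header):
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)

def find_revslider(wp_content, fixed_in):
    """List (path, version, origin, needs_update) for each copy under wp_content.

    fixed_in: first patched version as a tuple, taken from the vendor changelog.
    """
    found = []
    for root, _dirs, files in os.walk(wp_content):
        if "revslider.php" not in files:  # assumed main plugin file name
            continue
        path = os.path.join(root, "revslider.php")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))
        if version is None:
            continue  # same file name, but no plugin header
        top = os.path.relpath(path, wp_content).split(os.sep)[0]
        origin = "theme bundle" if top == "themes" else "plugin"
        found.append((path, version, origin, version < fixed_in))
    return found

if __name__ == "__main__":
    # Usage: python find_revslider.py /path/to/wp-content X.Y.Z
    wp_content, fixed = sys.argv[1], tuple(int(p) for p in sys.argv[2].split("."))
    for path, version, origin, stale in find_revslider(wp_content, fixed):
        flag = "UPDATE NEEDED" if stale else "ok"
        print(f"{flag:13} {'.'.join(map(str, version)):8} {origin:12} {path}")
```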
We’re confident that if you’ve taken the above precautions, your WordPress website is protected against any potential hack attempts.
The RevSlider exploit triggered thousands of attacks on WordPress sites. Because the developers issued the fix silently, several website owners remained blissfully unaware that their sites were compromised and attacked.
Situations such as this bring to light the value of taking your own proactive security precautions. With the MalCare security plugin enabled on your site, you can be assured that your site is protected from malicious activities. The strong firewall and login page security mechanisms protect websites from brute-force attacks, phishing hacks, etc. It will constantly scan the website and defend it at all times.