Massive Hack via WordPress Slider Revolution Vulnerability
Has your website disappeared from Google’s rankings in the past couple of days? It may have nothing to do with your SEO or with competitors beating your rankings; instead, it could be a hack on your website that has been flagged by Google. In the last couple of days, Google has blacklisted or blocked over 11,000 domains! The blocks are largely due to a new malware campaign from SoakSoak.ru, and that number is expected to increase dramatically over the next week or two.
Much of the buzz on the internet has blamed the hack on an exploit in the Slider Revolution Responsive WordPress Plugin or as it’s more commonly known, Revolution Slider or RevSlider. This is a popular WordPress Plugin released through Envato and included in hundreds of Premium WordPress Themes available through Envato for purchase, amongst other online stores. In August 2013, this slider was installed on more than 23% of the top ten million websites around the world.
Vulnerable Script for Several Months
There have been dozens of updates throughout 2014 for this particular slider and in September 2014, there was a massive amount of exposure pointed at the plugin directly. Unfortunately, most of the various WordPress Theme Developers did not bother to make updates in their own themes, and continued to release a vulnerable script in their packaged WordPress Themes.
Some of the updates and announcements were kept quiet for fear of a mass exploit of the issue, but here we are in December 2014, and we’re now dealing with that massive exploit.
The security firm Sucuri has announced that the exploit has impacted hundreds of thousands of WordPress websites. The full effects of this exploit may take several months to tally, but one thing is certain today: if you’re using this particular script on your website, you need to update ASAP.
The September 2014 list of themes that packaged the slider ran to 292 popular themes. These were all using the vulnerable version as of September 5th, 2014. Another 905 themes were using a “patched” version of the plugin for new releases; however, it is unknown how many people were still running previously downloaded packages that had not been updated. While we don’t have a list of the December 2014 exploited themes yet, you can see the full list for the September 2014 exploit here: http://marketblog.envato.com/news/affected-themes/
We Once Again Plead With Theme Developers
The most frustrating part of the entire situation is that while the makers of RevSlider were aware of the vulnerability and patched it in both February and September, many Theme Developers didn’t pass the patches along to people who purchased their themes. As a result, many end users, be they clients or webmasters with their own clients, didn’t get the announcements and were unaware that there was even an issue.
This is the reason that, personally, I’m not a fan of plugins that are pre-packaged with WordPress Themes. Not only do they add extra bloat to a website’s code, but they often don’t hook back to the actual plugin developer’s website. You could go months or even years and not know that there was a new update – unless you were specifically looking for it.
The requests from the WordPress Community at large for the past several years have been for theme developers to provide links to the various plugins used in a theme, and not to make their own custom bundles that could result in a lack of updates or customized code that prevents updates. These requests have gone largely ignored by theme developers. Their failure to adhere to these demands has led to another massive exploit affecting hundreds of thousands of websites.
How to Check and Resolve The Problem
If you’re using the Slider Revolution plugin, check your website, and if you are running any version prior to 4.2, which was released in February 2014, you need to update your script. At Big Red SEO, we recommend that if you are not running the latest version (4.6.5, released December 2nd, 2014), then you should update.
To check your version, just go to the WordPress Administration section of your website (WordPress Backend) and click through to the Plugins section. There you’ll see a list of plugins that are installed on the website. Revolution Slider will have its Version listed beside it. If it’s out of date, you need to update. You may be able to update the plugin directly on that screen, or you might have to download the actual package from the developer’s website.
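The Plugins screen only shows copies of the slider that WordPress knows about as installed plugins. Because the article’s whole point is that many copies were bundled inside themes, a server-side check is useful too. The following script is an added example written for this post; it is not Big Red SEO’s code or the plugin author’s. It walks a `wp-content` directory, reads the standard WordPress plugin header (the `Plugin Name:` and `Version:` lines at the top of a plugin’s main PHP file) from every `.php` file it finds, and reports each copy of Slider Revolution against the two version numbers quoted above: anything below 4.2 is flagged as vulnerable, anything below 4.6.5 as outdated. The file names and directory layout in `demo()` are constructed sample data, and the assumption that every bundled copy carries a normal plugin header is just that, an assumption; a copy shipped as a zip inside a theme would need to be unpacked first.

```python
import os
import re
import sys
import tempfile

# Versions quoted in the article: releases before 4.2 (Feb 2014) are the known
# vulnerable ones; 4.6.5 (2 Dec 2014) was the current release at time of writing.
FIRST_PATCHED = (4, 2, 0)
LATEST_KNOWN = (4, 6, 5)

# Matches "Plugin Name: X" / "Version: X" header lines, with or without a leading "*".
HEADER_RE = re.compile(r"^[ \t]*\*?[ \t]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)


def parse_version(text):
    """Turn '4.6.5' or '4.2' into a 3-tuple; a trailing tag like '-beta' is dropped."""
    parts = []
    for piece in re.split(r"[.\-]", text.strip()):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def parse_plugin_header(source):
    """Return (plugin_name, version_or_None) from a WordPress plugin header,
    or None when the file has no plugin header at all."""
    head = source[:8192]  # WordPress itself only reads the first 8 KB for the header
    fields = dict(HEADER_RE.findall(head))
    if "Plugin Name" not in fields:
        return None
    return fields["Plugin Name"], fields.get("Version")


def classify(version_str):
    """Rate a version string against the two thresholds from the article."""
    if version_str is None:
        return "UNKNOWN"
    v = parse_version(version_str)
    if v < FIRST_PATCHED:
        return "VULNERABLE"
    if v < LATEST_KNOWN:
        return "OUTDATED"
    return "CURRENT"


def is_revslider(plugin_name):
    n = plugin_name.lower()
    return "slider revolution" in n or "revolution slider" in n


def scan_tree(root):
    """Walk a wp-content tree (plugins and themes alike) and return every copy of
    RevSlider found as (path, version, status), so theme-bundled copies show up too."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.endswith(".php"):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="replace") as f:
                    header = parse_plugin_header(f.read(8192))
            except OSError:
                continue
            if header and is_revslider(header[0]):
                findings.append((path, header[1], classify(header[1])))
    return findings


def demo():
    """Build a constructed wp-content tree (sample data, not a real site) and scan it."""
    samples = {  # relative path -> (plugin name, version); all constructed
        "plugins/revslider/revslider.php": ("Slider Revolution", "4.1.4"),
        "themes/sometheme/plugins/revslider/revslider.php": ("Slider Revolution", "4.6.5"),
        "plugins/akismet/akismet.php": ("Akismet", "3.0.0"),  # unrelated, must be ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (name, ver) in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as f:
                f.write(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")
        found = scan_tree(root)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), v, s) for p, v, s in found)


if __name__ == "__main__":
    # Usage: python revslider_check.py /path/to/wp-content   (or no argument for the demo)
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, version, status in results:
        print(f"{status:10} {version or '?':8} {path}")
```

Run it against the real `wp-content` directory of a site and any line marked VULNERABLE is a copy that needs updating regardless of whether the Plugins screen lists it; a copy that shows up under `themes/` is the theme-bundled case the article warns about, and updating the plugin from the Plugins screen will not touch it.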
Contact Big Red SEO
Before making any changes, we strongly recommend making a backup of your website. If you’re not familiar with making updates on your website, please contact your website developer. The team at Big Red SEO is very familiar with WordPress and uses it daily for various client website design projects. If you have any questions regarding your own website, or need to hire someone to investigate or resolve an issue in your WordPress website, please call (402) 522-6468 or fill out our contact form online! We love WordPress, but it gets a bad reputation due to people not updating their websites. We can take care of that for you too!