Website security firm Securi have revealed that over 100,000+ WordPress websites have been infected with a mysterious Russian malware nicknamed SoakSoak. Google have been quick to take action to protect their users by blacklisting over 11,000 infected sites. Effectively taking them off line, visitors to these infected sites will now find their site replace with the following warning.
It's a scary proposition to discover your site has been compromised by hackers and scarier still that Google will blacklist your site and take it offline with no warning. While security firms have yet to establish the goal of the hack, the implications for business owners running their websites on WordPress is clear - clean up your infected site or risk dropping off Google's search results.
To be fair to the WordPress platform, this is not a vulnerability in the core CMS but rather a vulnerabilty with a popular PlugIn called Revolution Slider.
The problem for site owners though are many fold:
So if you *are* running WordPress and wondering if your site is open to attack via RevSlider, here's a very simple way to identify it's use.
<link rel='stylesheet' id='rs-plugin-settings-css' href='http://yoursite.com/wp-content/plugins/revslider/rs-plugin/css/settings.css?rev=4.6.0&ver=4.0.1' type='text/css' media='all' />
If you do see a reference to RevSlider, it doesn't mean your site has already been hacked but you are at risk. Hackers can effectively take control of your site and access key parts of your site such as your database credentials. The key thing here is to identify the version number. Anything running 4.1.4 or older must be updated immediately. Speak with your Web Development team as soon as possible and organise an upgrade to the patched version of Revolution Slider.