Google has blacklisted over 11,000 websites as of Sunday due to the SoakSoak attack. Hackers are using the RevSlider hole to infect sites with the malware. It has been reported that over 100,000 websites has this vulnerability. It comes in through the hole of the RevSlider plugin, uploads its own backdoor to your site, then infects everything on the server. If a site is on a shared hosting and does not use RevSlider, it could still become infected due to other sites hosted on the same server. Any version below 4.2 is a security threat and should be updated immediately. Right now they are at version 4.6.5.
The RevSlider plugin is very popular. It is built in many themes from Envato's Marketplace-CodeCanyon. Many of their themes have it bundled in and consumers do not realize to look for the plugin. Some are still running the same version of RevSlider as what was built in the the theme. It has also been a stand alone plugin that many have used. The vulnerability was patched back in February but many WordPress users have not updated yet. This is what has caused the major hack attack.
How to fix the RevSlider Vulnerability
Update. If you have the plugin as a stand-alone please update it now.
Check your theme. If you are using an Envato theme please check it for the RevSlider plugin. Many of the themes you can purchase from CodeCanyon has them bundled into the theme.
Do not try to just delete the infected files. It will not close the backdoor and your site will get infected again. We are here to help you get your site clean and secure.
WPSecurityLock’s team are experts at finding and fixing malicious code on WordPress sites and plugins. If you think your site has been hacked, we can remove malware. If you need repair services, such as updating plugins like RevSlider, we offer a full range of WordPress repair services. These services are also included in many of our WordPress monthly security packages, which include site monitoring, plugin updates and provide you with peace of mind.