This is how your WordPress Website was hacked
March 8, 2016
Did you just get a notice from your hosting company that your website was hacked? If your WordPress website is loading slower than usual and you have strange elements appearing on your pages, you’ve most likely become a victim.
The #1 cause of successful WordPress website hacks is the plugins you are using.
Slider Revolution is one of the most popular WordPress sliders, used on over 1.5 million WordPress websites. When the plugin is purchased, all of its source code is released to the public, and hackers read that code to find vulnerabilities, as one did a year ago.
The developers of this plugin created a function to view images, but this function was never secured. It could be accessed by any user, and it allowed hackers to request any file, not just images. On an unpatched site, going to www.yourwebsite.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php downloads the website’s wp-config file, which gives hackers entry into your website.
Once a WordPress plugin vulnerability like this is discovered, the developers patch it up and release the update to the public. Until you make this update, your website could be easily hacked.
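To check whether the request described above was made against your own site, you can scan the web server access log for it. The Python script below is an added example, not code from Slider Revolution or Wordfence; it assumes a combined-format access log, and the sample log lines and the list of image extensions are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: extensions a legitimate slider image request would end with.
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# Client IP, request target and status code of a combined-format log entry.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return a finding dict for a suspicious revslider_show_image request, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ip, target, status = m.group(1), m.group(2), int(m.group(3))
    url = urlsplit(target)
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query)  # percent-decodes the values once
    if "revslider_show_image" not in params.get("action", []):
        return None
    img = unquote(params.get("img", [""])[0])  # second decode catches double encoding
    reasons = []
    if ".." in img.replace("\\", "/").split("/"):
        reasons.append("directory traversal")
    if not img.lower().endswith(IMAGE_EXTS):
        reasons.append("not an image file")
    if not reasons:
        return None
    return {"ip": ip, "img": img, "status": status, "reasons": reasons}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not from a real site.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Mar/2016:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Mar/2016:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 20480',
    '203.0.113.9 - - [08/Mar/2016:10:05:41 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.9 - - [08/Mar/2016:10:05:44 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2Fwp-config.php HTTP/1.1" 403 162',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        served = "SERVED" if f["status"] == 200 else "blocked"
        print(f'{f["ip"]} {served} img={f["img"]} ({", ".join(f["reasons"])})')
```

A finding answered with status 200 means the server returned the file, so treat the database credentials stored in wp-config.php as exposed and change them after updating the plugin.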
How to protect your WordPress Website
Updating your plugins is crucial. Don’t just leave them unattended and assume they’ll be all right. When in doubt, consult an expert.
Install Wordfence Security. This plugin will be the best install you ever make. The Wordfence team rigorously searches for vulnerabilities and helps protect your site. Wordfence notifies you when plugins are outdated and will attempt to close backdoors caused by vulnerabilities in plugins (such as the one in Slider Revolution).
Was your website already hacked? Contact your web developer (or us at 905-597-6943) to repair your website.