If you have a WordPress blog or host a site on WordPress, then you need to listen up. A malicious new software has been observed "in the wild" attacking WordPress sites.
It's being called RevSlider, and it inserts malicious blocks of code into the site posts, causing the blog or site to be blacklisted on Google. Over 11,000 sites have already been blacklisted as malicious by Google, and over 100,000 sites have been compromised.
"About 100,000 or more websites running the WordPress content management system have been compromised by mysterious malware that turns the infected sites into attack platforms that can target visitors, security researchers said."
Security experts aren't sure yet where the attack came from, but they suspect that it came from a security flaw in the Slider Revolution WordPress plugin.
Don't worry about my site, it hasn't been affected. But you should definitely take a look at your site to make sure that you haven't been compromised.
Thankfully, there's a site called Sucuri that will perform a free site check to make sure that your domain hasn't been affected. Click here to check your WordPress site for RevSlider.
The cleaning and disinfection of affected WordPress sites isn't easy, but it's doable. First, check out the Sucuri site to make sure your site isn't compromised.
Then, you have to remove the malicious code and patch the backdoors and security holes that have been created by the attack.
"Disinfection involves removing malicious code added to a script located at wp-includes/template-loader.php. WordPress admins who use the Slider Revolution plugin should also ensure it's up to date ..."
Sucuri recommends that you immediately put a firewall in place, preferably its own, to protect your now-vulnerable site until you or your site administrators can get everything cleaned out and patched up.