HostMonster Web Hosting Help
Emergency WordPress Plugin Update: Slider Revolution
The WordPress plugin; Slider Revolution, versions prior to 4.2, has been found to be vulnerable to unauthenticated file access. This means that hackers are able to use this plugin to access any content on your hosting account, e.g. config files containing passwords. On September 3rd 2014 we attempted to force upgrade all instances of the plugin, however due to the way this plugin has been designed we were unable to force the upgrade.
Is my WordPress installation vulnerable?
You will need to confirm that you are running, at least, version 4.2 of the Slider Revolution plugin. Because this plugin has been packaged with many themes you will need to check for theme updates as well as for an update for the plugin.
Updating the Plugin:
- Login to your WordPress Dashboard.
- Open the Slider Revolution backend.
- Locate the Update button, should be in the lower right corner.
Updating the Theme:
A list of exploited themes has been compiled by Sucuri. For updated versions of your theme you will want to check with the theme vendor for an updated version.
How can I protect myself from future exploits?
The best thing to do is to keep your software up to date. Frequently checking for and applying core software (e.g. WordPress) updates as well as Plugin and Theme updates will help keep your software secure. You may also want to look into using a security service such as SiteLock or CloudFlare