jerryaustralia

Hi

I woke up this morning with my WordPress website hacked. They posted a message on my wall saying: Kaiser Malware was Here. I didn’t read the whole message but they were asking money to recover my website.

I didn’t have Wordfence installed but an user from my website saw the post and sent me a private message saying that Revolution Slider was causing a breach on my website and it could be hacked. He even sent me (on the message) my username and password. In fact I had RevSlider installed on my site.

First I deleted all new usernames that were created along with all changes that have been done on the website by the hacker, among them they installed a FTP plugin.

After that I uninstalled Revolution Slider and installed Wordfence. I ran the scan and Wordfence found that my Index.php file had been changed and they included a code starting with “eval”.

Wordfence recovered the original file and deleted the changed one.

Long story short, it was a nightmare, but fortunately it was fixed quickly.

I can’t say that the problem was due to RevSlider or not, but I’m just explaining what happen on my website and according to the user, it was due to RevSlider.

I changed all passwords, installed Wordfence, Installed security manager, and I hope it doesn’t happen again.

I hope it can help.