Security Alert: Slider Revolution

What is Slider Revolution?

slider-revolution

It is one of the most common sliders (rotating slideshows) used in premium WordPress themes. Chances are,  your site uses this plugin if your theme was purchased through ThemeForest.

What is the Problem?

Old versions of Slider Revolution (Pre 4.5) can allow access to your wp-config.php file. This means a hacker has the ability to completely take over your website and do what they wish with it. This is a major security flaw that the developers of the plugin did not disclose to the public until after they released a fix.  Revolution Slider is a premium plugin, which eliminates the ability to alert your site of an update through the “Plugins” page of WordPress.

What Should You Do About It?

First, check to see if your site is using Slider Revolution. You will see this menu at the bottom left side of your WordPress Dashboard:

rev-wordpress

If you do see this, your site currently uses Slider Revolution. You may not see it in your Plugins list if it was bundled with a premium theme.

You have two options:

  1. Update the Plugin
    • Download the new version of Slider Revolution here.
    • Go to your file manager (or FTP) and upload the new version in your “Plugins” folder.
  2. Update Your Theme
    • See what theme you are using by clicking “Appearance” then “Themes”. This page will show you the active theme on your site.
    • Search for that theme at ThemeForest, download the new version, find Slider Revolution files and replace in your theme.

If you need help doing this, let us know!

 

1 reply

Trackbacks & Pingbacks

  1. […] is not yet clear exactly where the vulnerability is being exploited, but it could be related to the Revolution Slider vulnerability we highlighted a few months ago. The best protection you can have is a completely updated […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.