Revolution Slider Vulnerability and Fix

To check whether the Revolution Slider plugin in your WordPress installation is vulnerable, access the URL below:


If accessing the URL downloads a file (admin-ajax.php) whose contents are those of your WordPress installation's wp-config.php file, then your Revolution Slider is vulnerable, and your hosting database credentials are exposed to hackers.


The Fix: Disallow any URL that has wp-config in the query string. To achieve this, add the RewriteCond/RewriteRule pair that follows RewriteBase (bold in the original post) to your .htaccess file:

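<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Added lines: answer 403 Forbidden when the query string contains wp-config.php
RewriteCond %{QUERY_STRING} wp-config.php
RewriteRule .* - [F]
# Standard WordPress rewrite rules
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>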
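
For additional hardening, the lines below can also be added to the .htaccess file:

# Refuse POSTs to wp-login.php or wp-admin whose referer is not your own site
# (replace YOURDOMAIN with your domain name)
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^https?://(.*)?YOURDOMAIN\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]
# Block any request to xmlrpc.php
RewriteCond %{REQUEST_URI} ^/(.*)?xmlrpc\.php(.*)$
RewriteRule .* - [F]
# Block any request with environ in the query string
RewriteCond %{QUERY_STRING} environ [NC]
RewriteRule .* - [F]
# Block requests to .php files under wp-content/uploads
RewriteCond %{REQUEST_URI} ^/wp\-content\/uploads\/(.)*\.php
RewriteRule .* - [F]
# Block any request with wp-config.php in the query string
RewriteCond %{QUERY_STRING} wp-config.php
RewriteRule .* - [F]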

The lines above in the .htaccess file achieve the following blocks:
  • only allow POSTs from my own site
  • block any request to xmlrpc.php
  • block any request with environ in the query string
  • block any request to .php files that have been uploaded
  • block any request that has wp-config.php in the query string
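
A log check to go with the wp-config rule, as an added example that is not part of the original post: it scans Apache combined-format access log lines for requests whose query string contains wp-config and reports whether each one was served (200) or refused (403). The log lines, IP addresses and the parameter name p are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache "combined" log format: host ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def decode_fully(value, max_rounds=3):
    """Undo (possibly nested) percent-encoding before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_wp_config_requests(lines):
    """Return one finding per request whose query string names wp-config."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        parts = urlsplit(m["target"])
        if "wp-config" not in decode_fully(parts.query).lower():
            continue
        status = int(m["status"])
        # 200: the server answered the request; 403: a rule refused it.
        verdict = {200: "SERVED", 403: "blocked"}.get(status, "other")
        findings.append({"ip": m["ip"], "time": m["time"], "path": parts.path,
                         "status": status, "verdict": verdict})
    return findings

# Constructed sample lines: documentation IPs, placeholder parameter name "p".
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?p=../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.5 - - [02/Jan/2015:09:12:44 +0000] "GET /wp-admin/admin-ajax.php?p=..%2Fwp-config.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.7 - - [02/Jan/2015:09:13:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.7 - - [02/Jan/2015:09:13:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for f in find_wp_config_requests(SAMPLE_LOG):
        print(f'{f["time"]} {f["ip"]} {f["path"]} {f["status"]} {f["verdict"]}')
```

Any SERVED entry dated before the rule was added means the database credentials in wp-config.php should be treated as exposed and changed.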