To check whether the Revolution Slider plugin on your WordPress site is vulnerable, open the URL below (replace YourWebsite.com with your own domain):
http://www.YourWebsite.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
If the request downloads a file (named admin-ajax.php) whose contents are those of your WordPress installation's wp-config.php, then your Revolution Slider is vulnerable: that file holds your hosting database credentials, and they are exposed to hackers.
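One way to look for this probe in your own access logs, as an added Python example that is not part of the original post: it parses Apache combined-format log lines (the lines below are constructed samples, not real traffic), keeps only admin-ajax.php requests whose action is revslider_show_image, and flags those whose img parameter leaves the image directory or names wp-config.php. A hit the server answered with 200 means the file was actually served and should be treated as a disclosure, not just an attempt; a 403 means the request was refused.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache "combined" log format (not real traffic).
# The first probe was served (HTTP 200) before any fix was applied; the second,
# the same probe later, was refused (HTTP 403); the rest is ordinary traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Nov/2014:22:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2014:08:15:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2014:08:16:30 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slider1.jpg HTTP/1.1" 200 51234 "http://yourdomain.com/" "Mozilla/5.0"
198.51.100.9 - - [10/Nov/2014:08:17:01 +0000] "GET /?p=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_img(value):
    """True when the img parameter leaves the slider's image directory or names wp-config."""
    # parse_qs already decoded the value once; a second pass also catches double encoding.
    decoded = unquote(value)
    return ".." in decoded or "wp-config" in decoded.lower() or decoded.startswith("/")


def find_revslider_lfi(log_text):
    """Scan log text and return one record per suspicious revslider_show_image request."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        qs = parse_qs(url.query)
        if qs.get("action", [""])[0] != "revslider_show_image":
            continue
        img = qs.get("img", [""])[0]
        if not suspicious_img(img):
            continue
        hits.append({
            "ip": rec["ip"],
            "time": rec["ts"],
            "img": img,
            "status": int(rec["status"]),
            # 200 means the requested file was returned to the client.
            "outcome": "served" if rec["status"] == "200" else "blocked",
        })
    return hits


if __name__ == "__main__":
    for h in find_revslider_lfi(SAMPLE_LOG):
        print(f'{h["time"]} {h["ip"]} img={h["img"]} -> {h["outcome"]} ({h["status"]})')
```

Run it against a real access log by passing the file's contents to find_revslider_lfi; any record whose outcome is "served" means wp-config.php was handed out and the database credentials in it should be rotated.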
The Fix: deny any request whose query string contains wp-config.php. To do this, add the two marked lines (the RewriteCond on %{QUERY_STRING} and the RewriteRule that returns 403 Forbidden) to your .htaccess file, ahead of the standard WordPress rules. This filters the known request pattern; it is a stopgap to use alongside updating the plugin, not a replacement for it.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Added fix: refuse (403) any request whose query string names wp-config.php
RewriteCond %{QUERY_STRING} wp-config\.php
RewriteRule .* - [F]
# Standard WordPress rewrite rules follow
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Further protection can be added with the rules below, placed in the same .htaccess file inside the <IfModule mod_rewrite.c> block, after RewriteEngine On and before the WordPress rules (replace yourdomain\.com with your own domain):
# Only allow POSTs to wp-login.php or /wp-admin that carry a Referer from this site.
# RewriteCond lines are ANDed except where [OR] joins the two REQUEST_URI tests.
# yourdomain\.com is a placeholder; the pattern accepts only http:// referers,
# so change it to https:// if the site is served over TLS.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?yourdomain\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]
# Block all requests to xmlrpc.php
RewriteCond %{REQUEST_URI} ^/(.*)?xmlrpc\.php(.*)$
RewriteRule .* - [F]
# Block any request with "environ" in the query string (case-insensitive)
RewriteCond %{QUERY_STRING} environ [NC]
RewriteRule .* - [F]
# Block direct requests to .php files under wp-content/uploads
RewriteCond %{REQUEST_URI} ^/wp\-content\/uploads\/(.)*\.php
RewriteRule .* - [F]
# Block any request with wp-config.php in the query string (same rule as the fix above)
RewriteCond %{QUERY_STRING} wp-config\.php
RewriteRule .* - [F]
What the rules above block:
- POSTs to wp-login.php or to /wp-admin that do not carry a Referer from my own site
- any request to xmlrpc.php
- any request with environ in the query string
- any request for a .php file under wp-content/uploads
- any request with wp-config.php in the query string
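Before deploying rules like these it helps to see exactly which requests they refuse. The following is an added Python model, not part of the original post and not Apache itself: it applies the same regular expressions as the .htaccess rules above, with mod_rewrite's semantics for "!" and "[OR]", to a set of constructed sample requests. yourdomain.com stands in for the site's own host. Two edge cases it makes visible: a login POST whose Referer starts with https:// is refused because the Referer pattern only accepts http://, and a POST to /wp-admin/admin-ajax.php is not covered at all because the wp-admin condition matches only the bare /wp-admin path.

```python
import re

# Placeholder for the site's own host, as in the Referer condition above (assumption).
SITE_HOST_RE = r"^http://(.*)?yourdomain\.com"


def blocked_by_rules(method, uri, query="", referer=None):
    """Return the name of the rule group that would refuse the request, or None if allowed.

    The regexes are the ones from the .htaccess rules, evaluated with Python's re module.
    Consecutive RewriteConds are ANDed; [OR] joins only the two REQUEST_URI tests, so the
    first group reads: POST AND referer-not-ours AND (wp-login.php OR bare /wp-admin).
    """
    ref = referer or ""
    if (method == "POST"
            and not re.search(SITE_HOST_RE, ref, re.IGNORECASE)   # "!" negation, [NC]
            and (re.search(r"^/(.*)?wp-login\.php(.*)$", uri)
                 or re.search(r"^/(.*)?wp-admin$", uri))):
        return "post-without-site-referer"
    if re.search(r"^/(.*)?xmlrpc\.php(.*)$", uri):
        return "xmlrpc"
    if re.search(r"environ", query, re.IGNORECASE):              # [NC]
        return "environ-in-query"
    if re.search(r"^/wp\-content\/uploads\/(.)*\.php", uri):
        return "php-under-uploads"
    if re.search(r"wp-config\.php", query):
        return "wp-config-in-query"
    return None


# Constructed sample requests: (method, path, query string, Referer header or None)
SAMPLE_REQUESTS = [
    ("GET", "/wp-admin/admin-ajax.php", "action=revslider_show_image&img=../wp-config.php", None),
    ("POST", "/wp-login.php", "", "http://yourdomain.com/wp-login.php"),
    ("POST", "/wp-login.php", "", "https://yourdomain.com/wp-login.php"),
    ("POST", "/wp-login.php", "", None),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat", None),
    ("GET", "/xmlrpc.php", "", None),
    ("GET", "/wp-content/uploads/2014/11/x.php", "", None),
    ("GET", "/", "debug=ENVIRON", None),
]


def evaluate(requests=SAMPLE_REQUESTS):
    """Verdict for each sample request, in order (None means the rules let it through)."""
    return [blocked_by_rules(*r) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, evaluate()):
        print(f"{req[0]:4} {req[1]}?{req[2]}  referer={req[3]!r}  -> {verdict or 'allowed'}")
```

The model is only as faithful as the regex dialect and the condition semantics it copies, so treat it as a quick sanity check on the rule logic and confirm the final .htaccess against a real Apache before relying on it.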