Revolution Slider Vulnerability and Fix

To check if your revolution slider in WordPress is vulnerable, access the below URL:

http://www.YourWebsite.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

If accessing that URL downloads a file (named admin-ajax.php) whose contents are those of your WordPress installation's wp-config.php, then your Revolution Slider is vulnerable: the plugin serves arbitrary files from the server, and wp-config.php contains your hosting database credentials, which are therefore exposed to anyone who requests it.

The Fix: Disallow any URL that has wp-config.php in the query string. To achieve this, add the two lines marked with a comment below (the RewriteCond on the query string and the RewriteRule that answers 403 Forbidden) to your .htaccess file, ahead of the standard WordPress rules:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Added: refuse (403 Forbidden) any request whose query string names wp-config.php
RewriteCond %{QUERY_STRING} wp-config\.php [NC]
RewriteRule .* - [F]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

This rule matches only the literal file name, so treat it as a stop-gap that closes the symptom; updating Revolution Slider to a patched release is the actual fix.
More security can be added by also placing the lines below in the .htaccess file (replace "YOUR Domain\.com" with your own domain, keeping the backslash before the dot):

# Only accept POSTs to wp-login.php or wp-admin that carry a Referer from this site
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_REFERER} !^http://(.*)?YOUR Domain\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]
# Block all requests to xmlrpc.php
RewriteCond %{REQUEST_URI} ^/(.*)?xmlrpc\.php(.*)$
RewriteRule .* - [F]
# Block any request with "environ" in the query string
RewriteCond %{QUERY_STRING} environ [NC]
RewriteRule .* - [F]
# Block execution of .php files placed in the uploads directory
RewriteCond %{REQUEST_URI} ^/wp\-content\/uploads\/(.)*\.php
RewriteRule .* - [F]
# Block any request with wp-config.php in the query string
RewriteCond %{QUERY_STRING} wp-config\.php [NC]
RewriteRule .* - [F]
The blocks achieved by the above lines in the .htaccess file:
  • only allow POSTs to wp-login.php and wp-admin that come from my own site (checked via the Referer header)
  • block any requests to xmlrpc.php
  • block any request with environ in the query string
  • block any requests to .php files that have been uploaded to wp-content/uploads
  • block any requests that have wp-config.php in the query string
Blocking xmlrpc.php also disables services that depend on it (such as Jetpack and the WordPress mobile apps), and the Referer check rejects logins from browsers or privacy extensions that strip that header, so test both after enabling them.