SoakSoak Malware affects 100,000+ WordPress sites

Sucuri recently reported that hundreds of thousands of WordPress sites have been infected with a new strain of malware, which injects malicious JavaScript into every page of affected sites.

According to their analysis, the “SoakSoak” malware uses a known vulnerability in old versions of the Slider Revolution plugin to infect sites.

In September, we reported the Slider Revolution vulnerability and released a hotfix, which prevents attackers from taking advantage of the vulnerability on all sites running VaultPress 1.6.5 or later.

Today, we’ve released an update for our security scanner to detect any cases of the SoakSoak malware.

We are scanning all VaultPress-protected sites for this malware, regardless of plan level. We will contact site owners who are affected and will work directly with them to repair their sites.

Fixing a compromised site

We will contact you if we determine that your site has been compromised. The easiest way to fix this vulnerability is for you to re-install your core WordPress files. You can do so in just a few steps:

1. Visit your WordPress dashboard.
2. Navigate to Dashboard → Updates.
3. Click the Re-Install Now button and follow the prompts on screen.

To be extra safe, you should also ensure that you’re running the latest versions of the VaultPress and Slider Revolution plugins.

As always, if you have any questions or need further help, feel free to contact us!



Serious Vulnerability in bash

A serious vulnerability has been found in bash, one of the core tools found on almost every Unix, Linux, and Mac OS X system. The vulnerability affects most versions up to and including 4.3, except certain patched versions like 3.2.52(1).

You should assume that your server has an exploitable version of bash, unless you are certain that it has been patched.

This vulnerability can allow remote attackers to run arbitrary shell commands on your server, and potentially allow them full access to your data or control over your server.

We strongly recommend that you check which version of bash your sites’ host is running, and upgrade if necessary. In many cases, you will need to contact your hosting provider, and ask them to verify and update bash for you.

How do I know if my server is at risk?

One way to check whether you are running a vulnerable version of bash is to run the following commands on your server’s command line:

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If either command outputs the word “busted”, then you are likely running a vulnerable version of bash, and should contact your hosting provider as soon as possible.
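If you have several shells installed, the same check can be scripted. The following is an added example, not part of the original post or of VaultPress's scanner: it runs the test above against /bin/sh, the bash on your PATH, and every shell listed in /etc/shells. The function names and the "ok"/"error" labels are our own choices for illustration.

```python
import os
import shutil
import subprocess

# The probe value from the post: a function definition with a trailing command.
PROBE = "() { :;} ; echo busted"


def probe_shell(shell_path, timeout=5):
    """Run the post's test against one shell.

    Returns "vulnerable" if the trailing command ran, "ok" if only the
    requested command ran (this probe did not fire), "error" otherwise.
    """
    env = dict(os.environ, X=PROBE)
    try:
        result = subprocess.run([shell_path, "-c", "echo completed"], env=env,
                                stdin=subprocess.DEVNULL, capture_output=True,
                                text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return "error"
    words = result.stdout.split()
    if "busted" in words:
        return "vulnerable"
    return "ok" if "completed" in words else "error"


def candidate_shells(shells_file="/etc/shells"):
    """Shells to test: /bin/sh, the bash on PATH, and everything in /etc/shells."""
    found = ["/bin/sh", shutil.which("bash")]
    try:
        with open(shells_file) as fh:
            found += [ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")]
    except OSError:
        pass  # no /etc/shells on this system; test the two defaults only
    # Resolve symlinks so the same binary is not tested twice.
    return sorted({os.path.realpath(p) for p in found if p and os.path.exists(p)})


def audit(shells=None):
    """Map each shell path to its probe result."""
    return {path: probe_shell(path) for path in (shells or candidate_shells())}


if __name__ == "__main__":
    for path, status in audit().items():
        print(f"{status:10} {path}")
```

Any line that starts with "vulnerable" names a shell that should be upgraded; run the script again after upgrading to confirm the result has changed.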

If you’re using VaultPress Premium or the Security Plan, we’re scanning your server for vulnerable versions of bash. If we detect a vulnerability, we will attempt to notify you via email. You will then need to upgrade to a fixed version of bash.

How can I upgrade my version of bash?

Many of our users will need to contact their hosting providers in order to upgrade bash. If you have access to your server’s command line, you can upgrade to the latest available version by running the following commands:

For servers running Ubuntu or Debian:

apt-get update && apt-get install --only-upgrade bash

For servers running CentOS:

yum upgrade bash

If your server is not listed, or you’re not comfortable using the command line, please contact your hosting provider for assistance.

If you are able to upgrade bash, please try running the test commands again to help verify that your bash installation is no longer subject to this vulnerability.

Need help?

Due to the nature of this vulnerability, you should contact your hosting provider if you need any assistance in upgrading to a fixed version of bash.

As always, feel free to drop us a line if we can help!


Vulnerability In The Slider Revolution Plugin

Sucuri has discovered a very serious vulnerability in the ‘Slider Revolution’ plugin. All versions below 4.2 are exploitable.

As the Sucuri blog post points out, this is serious. The vulnerability can allow an attacker to read any file on the system that the PHP process can access. One obvious target is the wp-config.php file, which contains the username and password for your WordPress database.

Version 1.6.5 of the VaultPress plugin has a new hot fix that protects against attempts to exploit the vulnerability. If you have provided SSH, SFTP, or FTP access to us, then we’ve already pushed out the updated plugin to your site.

If you have not provided us SSH, SFTP, or FTP access, please download VaultPress version 1.6.5 and install it.

To allow us to update your plugin remotely with security hot fixes, add or update remote access credentials in your account dashboard.

Although Slider Revolution is a plugin, some themes also ship with it. Be sure that any installations of the plugin, or of themes that include it, are running the most recent version (4.6 right now).

If you have any questions about this update please let us know.


How VaultPress Works

We’ve recently updated the way VaultPress stores your backup data, to make it more space-efficient and to allow for faster restore times.

Now seems like a great time to describe how VaultPress works.

Replicated, but not duplicated

Everything that VaultPress backs up is pushed to a replicated filesystem. We store multiple copies of everything to protect your data.

However, VaultPress also works hard to avoid backing up duplicate copies of unchanged data we already have on file. Taking more copies of your data than our replication system already produces would be a waste of storage space, and would add unwanted extra traffic to your site during each backup.

Before taking a fresh copy of anything from your site, we check to make sure it has changed and is worth backing up again.

Keeping track of your data

Because we avoid unnecessarily duplicating unchanged data, each backup snapshot can contain data taken at various times, depending on when each file or database table was last changed. Most pieces of data in our replicated filesystem are reused in multiple backup snapshots, too.

To track which files belong in each snapshot, VaultPress generates a Manifest file for each snapshot. Manifest files contain a list of every piece of data that belongs in each snapshot.


For example, if photo.jpg is changed once, we keep two copies of it and reference each version from multiple snapshot manifests.

Every day, VaultPress scans your site for any file or database table that is new or has changed, and generates a fresh backup copy as required.

Staying up to date

Some of our plans offer live backups, in which we keep an up-to-date backup of your site and generate hourly snapshots that include all of your latest updates.

If your VaultPress account has live backups enabled, the VaultPress plugin installed on your site quietly watches for changes to your data. Whenever you upload a file, create or edit a post, or make other changes to your site, the VaultPress plugin detects it and notifies us of the change.

When a file is changed on your site, VaultPress backs up a fresh copy of that file and includes it in the next snapshot manifest file.

When you make a change to a database table, however, VaultPress doesn’t take a full copy of that table. Some WordPress tables can get quite large, and re-copying a table for every update would be slow and bandwidth-hungry.

Instead, VaultPress creates a new file that describes what has changed, adds it to our replicated filesystem, and includes it in your next snapshot manifest file. As you make multiple changes to your database, multiple sequential SQL change files are stored to track each change.


When a table is modified, we store a record of the changes between daily full backups. Each manifest contains more change records than the last.

Building a restore file

When you tell VaultPress to restore your site or choose to download a backup snapshot, VaultPress generates a new restore file. Each restore file is a zipped archive containing all of your site’s files and SQL table dumps to regenerate your database.

To generate a restore file, VaultPress first reads your backup snapshot’s manifest file. It uses that file to find every piece of data relevant to that backup and combines them into one archive file ready for restore or download.

Each table in your database is assembled from one full table dump, and all of the change records generated up to the snapshot you requested.
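To make the scheme concrete, here is a toy model of it, added as an illustration. It is not VaultPress's code: the class name, the manifest layout, the use of SHA-256 to detect unchanged data, and the sql/ path inside the archive are all assumptions.

```python
import hashlib
import io
import zipfile


class BackupStore:
    """Toy model: blobs stored once by content hash, one manifest per snapshot."""

    def __init__(self):
        self.blobs = {}      # sha256 hex digest -> bytes
        self.manifests = []  # index in this list is the snapshot id

    def _put(self, data):
        key = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(key, data)  # unchanged data is not stored again
        return key

    def snapshot(self, files, full_dumps=None, changes=None):
        """Record a snapshot. files: {path: bytes}; full_dumps: {table: SQL dump};
        changes: {table: SQL change file written since the previous snapshot}."""
        prev = self.manifests[-1]["tables"] if self.manifests else {}
        # Carry forward each table's last full dump and its change records so far.
        tables = {t: {"dump": e["dump"], "changes": list(e["changes"])}
                  for t, e in prev.items()}
        for table, dump in (full_dumps or {}).items():
            tables[table] = {"dump": self._put(dump), "changes": []}  # fresh dump resets
        for table, sql in (changes or {}).items():
            if table not in tables:
                raise ValueError(f"no full dump on file for {table}")
            tables[table]["changes"].append(self._put(sql))
        self.manifests.append(
            {"files": {p: self._put(d) for p, d in files.items()}, "tables": tables})
        return len(self.manifests) - 1

    def build_restore(self, snapshot_id):
        """Read the manifest and assemble a zip: files plus one .sql per table."""
        manifest = self.manifests[snapshot_id]
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
            for path, key in manifest["files"].items():
                archive.writestr(path, self.blobs[key])
            for table, entry in manifest["tables"].items():
                # One full dump, then every change record up to this snapshot.
                parts = [entry["dump"]] + entry["changes"]
                archive.writestr(f"sql/{table}.sql",
                                 b"".join(self.blobs[k] for k in parts))
        return buf.getvalue()
```

Taking three snapshots in which photo.jpg changes once and one table receives two change files leaves six blobs in the store, and the three manifests list 0, 1 and 2 change records for that table.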

About the VaultPress update

Before the VaultPress update, we were storing each SQL row in a separate file in our replicated filesystem. That slowed our restore times, because each table had to be regenerated from potentially millions of individual files.

Now that we store table dumps and changes, building a restore typically involves far fewer files per table.

Based on our tests, the new backup system reduces the time required to build restore files by anywhere from 25% to 90%, depending on the contents of each backup. Sites with large database tables will be affected the most, but the speed improvements will vary from site to site.

Aside from faster restore times, you shouldn’t notice any further differences in our backup service.

If you run into any trouble, or have any further questions, please let us know at


Custom Contact Forms Plugin Vulnerability

The web security team at Sucuri recently discovered a vulnerability in the Custom Contact Forms plugin.

If the Custom Contact Forms plugin is installed on your self-hosted WordPress site, your site’s security may be at risk, and you should upgrade to the latest version of the plugin immediately.

The vulnerability was fixed in version

We automatically updated the plugin for VaultPress customers. For the small number of cases where we were not able to update the plugin, we’ve emailed the site owners directly about updating.
