• Resolved a2consulting

    (@a2consulting)


    Hello,
    we had 6 websites running on one server that have been hacked.

    We have found core files modified with a string starting with

    //######
    @assert(str_rot13('riny(onfr64_qrpbqr(

    It seems that the attack was conducted directly on the WordPress core files.
    Sucuri and Wordfence signal file changes, but they don't block them.

    Any suggestion to further investigate the issue?

    Thanks.

    AC

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter a2consulting

    (@a2consulting)

    Here are some more hints:
    All the websites are up to date to 4.2.2, some IT some EN.

    Plugins are up to date, a couple of them had sucuri outdated.

    All of the websites have sucuri and wordfence installed.

    Hi AC,

    I have the same code added to my sites.

    Did you figure out how the attacker was able to append it?
    Which plugin was used to perform the attack?

    Thread Starter a2consulting

    (@a2consulting)

    Hi,
    It turned out that wp-symposium was outdated, even if the plugin section of one of our websites told us that everything was up to date.
    A reverse shell was loaded and a script looked for all the index.php files it could reach and put on the malicious code.
    Good luck with the fix!
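
Added example, not part of the original thread: a read-only sweep for the marker quoted in the first post, which rot13-decodes to `eval(base64_decode(`. It goes beyond that exact string by flagging any quoted `str_rot13()` literal that decodes to an execution primitive. The function names, the `SUSPICIOUS` list and the sample files are assumptions constructed for illustration.

```python
import codecs
import os
import re
import tempfile

# Start of a quoted literal passed to str_rot13(); the thread shows only its beginning.
ROT13_CALL = re.compile(rb"str_rot13\s*\(\s*['\"]([^'\"]{1,200})")
# Decoded fragments that indicate hidden code execution (assumed list).
SUSPICIOUS = ("eval(", "base64_decode(", "assert(", "gzinflate(")


def scan_php_source(data: bytes):
    """Return decoded rot13 literals in data that hide execution primitives."""
    hits = []
    for match in ROT13_CALL.finditer(data):
        decoded = codecs.decode(match.group(1).decode("latin-1"), "rot_13")
        if any(token in decoded.lower() for token in SUSPICIOUS):
            hits.append(decoded[:60])
    return hits


def scan_tree(root: str):
    """Walk root and map each flagged .php path to its decoded findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as handle:
                    hits = scan_php_source(handle.read())
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if hits:
                findings[path] = hits
    return findings


def demo():
    """Constructed sample: one clean index.php, one carrying the thread's marker."""
    infected = b"<?php\n//######\n@assert(str_rot13('riny(onfr64_qrpbqr(\"QUJD\"));'));\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "site2"))
        for rel, body in (("index.php", b"<?php require 'wp-blog-header.php';\n"),
                          (os.path.join("site2", "index.php"), infected)):
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(body)
        return {os.path.relpath(p, root): h for p, h in scan_tree(root).items()}
```

Point `scan_tree()` at the directory that holds all the sites on the account, since the script described above wrote to every index.php it could reach.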

    Sadly, folks often miss the very serious security ramifications of hosting multiple websites or blogs under one account.*

    All it takes is one command for a would-be hacker to wipe the entire directory clean.
    I hope you have backups.

    * Segregation of websites is one of the best security safeguards you can implement moving forward.

    I have this exact issue too. Do you know how it got in?

    It is impossible to say, Alundra, without a first-hand visual review.

    The issue is it got into a website not even in Google at the time. I mean it literally had not been shared anywhere and by the time we found the issue we didn’t have access logs for it. I was hoping someone had more info. I didn’t have wp-symposium plugin but I did have an out of date WordPress install.

  • The topic ‘Bunch of website hacked’ is closed to new replies.