File View: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fstudiomu.co.il%2F&ref_sel=GSP2&ua_sel=ff&fs=1
See: WordPress Version
4.3.1
Version does not appear to be latest 4.5.3 - update now.
Server: Apache/2.2.6
X-Powered-By: None
IP Address: 62.219.23.6
Provider: Bezeq International
Country: Israel
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.
soliloquy *
usquare
found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: ....^
Undefined, session issue, because you set this variable in condition testing existence of empty function used.
Info credits go to Stackoverflow’s Panther.
Code to be retired: -http://studiomu.co.il/
Detected libraries:
jquery - 1.7.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=4.3.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.7.2 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=4.3.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected, and the situation is worse as an SRI hash is missing: https://sritest.io/#report/0e575058-ebed-4466-ad27-0fecc3e16ea6
IDs tracking percentage is 0
Reverse DNS certificate issue: lv144.1host.co.il
Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
TLS1.2
This server does not support the latest TLS protocol. Enable the latest TLS1.2 protocol. Contact your web server vendor for further assistance.
This server is vulnerable to:
FREAK and Logjam
This server is vulnerable to FREAK and Logjam attacks. To protect your server from a FREAK and a Logjam attack, disable support for any export cipher suites or known insecure ciphers. Contact your web server vendor for assistance.
Poodle (SSLv3)
This server is vulnerable to a Poodle (SSLv3) attack. If you have not disabled SSLv3 fallback support, disable it now and use TLS 1.2 or higher.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
Common name:
web7.1host.co.il
SAN:
Valid from:
2010-Oct-27 10:45:35 GMT
Valid to:
2020-Oct-24 10:45:35 GMT
Certificate status:
Unknown
Revocation check method:
Not available
Organization:
Generated by H-Sphere Updater (http://psoft.net)
Organizational unit:
Web Hosting
City/locality:
State/province:
Country:
IL
Certificate Transparency:
Not embedded in certificate
Serial number:
1288176335
Algorithm type:
MD5withRSA
Key size:
1024
Certificate chain
web7.1host.co.il: Tested certificate
Contact the certificate supplier to download and install the missing certificate.
Server configuration
Host name:
lv144.1host.co.il
Server type:
Apache/2.2.6
IP address:
62.219.23.6
Port number:
443
Protocols enabled:
TLS1.0
SSLv3
Protocols not enabled:
TLS1.2
TLS1.1
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Unknown
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Not Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Enabled
OCSP stapling:
Not Enabled
Vulnerabilities checked:
Heartbleed
Poodle (TLS)
Poodle (SSLv3) X
FREAK x
BEAST x
CRIME
The hoster should mitigate mentioned issues a.s.a.p. “Sabras” should know better.
polonus (volunteer website security analyst and website error-hunter)