Three days ago, our web host alerted us that the file “wp-content/uploads/rtMedia/tmp/rt.php” had “likely been uploaded by others.” We didn’t see the message until this morning when our site went down. At that point we saw the message along with another one from this morning alerting us of several other new, suspicious files on our site (in the main directory this time). I deleted/restored all the affected files our host found and got our site back online. I don’t know how the malware got on our site or whether this morning’s hack was related to the wp-content/uploads/rtMedia/tmp/rt.php file from 3/28, but I thought I should mention it on this forum. I don’t know if the plugin might have a vulnerability or if the problem lies elsewhere. We have always had some trouble with this plugin’s functionality on our site, though.
We are using rtMedia 4.3.1, BuddyPress 2.8.2, and WordPress 4.7.3, which should all be the latest versions. (We do have several other plugins though.) We were using the theme Woffice 2.3.5, which I plan to update now.