Hi
I woke up this morning with my WordPress website hacked. They posted a message on my wall saying: Kaiser Malware was Here. I didn't read the whole message but they were asking money to recover my website.
I didn't have Wordfence installed but an user from my website saw the post and sent me a private message saying that Revolution Slider was causing a breach on my website and it could be hacked. He even sent me (on the message) my username and password. In fact I had RevSlider installed on my site.
First I deleted all new usernames that were created along with all changes that have been done on the website by the hacker, among them they installed a FTP plugin.
After that I uninstalled Revolution Slider and installed Wordfence. I ran the scan and Wordfence found that my Index.php file had been changed and they included a code starting with "eval".
Wordfence recovered the original file and deleted the changed one.
Long story short, it was a nightmare, but fortunately it was fixed quickly.
I can't say that the problem was due to RevSlider or not, but I'm just explaining what happen on my website and according to the user, it was due to RevSlider.
I changed all passwords, installed Wordfence, Installed security manager, and I hope it doesn't happen again.
I hope it can help.