How to fix WordPress Redirect Hack

What is a WordPress redirect hack and how to fix it?

Does your WordPress site redirect to some other spam looking website automatically? And you don’t know how to fix it? Don’t worry, we’re here for you. We’ll try to fix your auto redirect problem in this post and give you some tips to avoid such situations in the future.

What you experince with your WordPress site is called a redirect hack. Now what is a redirect hack?

When visitors try to visit your website, they are redirected to another malicious pages. If you experience such thing, your website’s security is compromised. How did all this happen? This is probably due to an infected plugin or a theme.

Attackers use many ways to hack your website. Injecting core WordPress files such as wp-config.php or .htaccess file with malicious code, executing javascript codes in WordPress plugins or theme files, or adding ghost admins to your website. Here are the most common injection files.

  • index.php/index.html
  • .htaccess
  • Theme files: header.php

There may be lots of other files that can be infected. While it’s serious problem, we get all this fixed with minimum damage if you notice them in time.

Scan Core WordPress file

wp-content folder includes lots of files. Theme files, appearance, and functionality of your WordPress. You need to manually analyze each each file look for any suspicion code. The fastest and simplest way to identify malware and malicious code in previously installed WordPress themes is to use a WordPress security plugin. If you try to do it by hand, you’ll most likely fail recognize any differences because these codes well hidden inside WordPress files..

Search for Unrecognized Users with Capabilities

This may sound too easy, but it’s important to check if you have unrecognized accounts with special capabilities. Just login to your WordPress dashboard and search for any unrecognized accounts. Specially look for Administrators, Editors or Authors. These accounts have higher capabilities. Find and delete any account you don’t recognize.

Scan WordPress plugins and themes

Non-secured themes & plugins can also infect your site. Specially if you’ve downloaded them for free on internet. You need to remove any suspected plugins. It will help if you compare your installed plugins with original plugins from WordPress plugins repository or original source. You can do that by downloading plugin codes in the WordPress repository and compare them. But there are some limitations as all the repositories are not updated when new versions are rolled out.
Also, in theme files, it is always better to analyze code manually. Best way to preform these checks is by using a WordPress security plugin.

Check the server logs.

There are two ways to do a malware cleanup. Either you do it manually or get professional help. If you want to do it manually, you need to see server logs. And try to find GET and POST requests. Now this might be hard for an untrained eye. This is why we recommend seeking professional help. We at can clean your website and secure it. Please contact us if you need our help.

If you’re on a VPS, you can use our VPS security tutorial to make it hack proof. If you’re on shared hosting, please consider moving to a recommended VPS provider. The problem with shared hosting is you’re sharing it with hundreds of other webmasters. If one of them act irresponsibly, all site on the server can be effected.If you decide to move we can also handle the migration for you.

Those are some of the ways to check and find malware on your website. But there are even more studies to full assurance that no malware is left.

Darshana Tharanga

I’m Darshana. A Computer Network undergraduate based in Colombo, Lk, who enjoys building things that live on the internet. I develop exceptional websites, web apps, and web content.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.