How to Fix WordPress Hacked Redirect

How to Fix WordPress Hacked RedirectIf your WordPress site is redirecting to another site, then your site may be hacked. This can have severe implications on your brand reputation and also affect your search engine rankings if you do not fix it on time.

WordPress core is a secure platform. However, third-party plugins and themes make your site vulnerable to hackers if poorly coded.

The good news is that you can easily detect and fix the redirection malware on your WordPress site. But you need to act fast.

In this guide, we will show you how to diagnose and fix the WordPress hack redirect malware on your website. As a bonus, we will also suggest best practices to secure your website from future occurrences of malware redirects.

Content:

What does WordPress Hacked Redirect Mean?

When some or all of the pages on your WordPress site are redirecting to a different domain, then you are likely seeing a redirect malware. Hackers inject this malware into your website to mislead your users to a malicious website.

Oftentimes the malware gets to your site through third-party files on your website such as poorly coded plugins or themes. If you are using a nulled theme, your site may be at risk because the source of such themes is usually unverified.

WordPress redirection hacks can occur in different forms as well. Below, we will explore the types of malware redirection errors.

Types of Redirects

There are 3 types of malware redirects that can occur on your website; automatic, link, or mobile-only redirect.

  • In Automatic Redirect, when users type in your website, they are immediately redirected to the page chosen by the attacker. This is the most common type of redirect that occurs on websites.
  • Link Redirect occurs when an internal link on your website is leading to a different website.
  • Mobile-only redirects, as the name suggests, only affect mobile devices. This can be detrimental to your site, considering that a huge chunk of users accesses the internet using smartphones.

 

Finding the exact location of the malware can be tricky considering it could be in any part of your website. However, these are the most common areas the redirection malware may be residing on your website.

  • .htaccess file
  • wp-config file
  • JavaScript and PHP files in plugins
  • Bad code on theme or plugin files
  • SQL injection on your WordPress database

Now that you know what the WordPress hacked redirect malware is all about, we will now show you the best ways to rid your website of the malware.

How to Fix WordPress Hacked Redirect

We will show you how to resolve this error in 4 easy steps.

Step One – Scan your Website

Firstly, you need to confirm that your website is hacked and also discover the sections that are infected with the malware.

There are two methods you can use to scan your website for malware. The methods are manually or using an online malware detection tool.

If you want to perform manual scanning, you will need to check every aspect of your site including your website files and database file as well.

This can be tedious and time-consuming, and frankly, it is not very effective. We recommend using an online security scanner to check for malware on your website.

For this, you can use tools such as MalCare or Sucuri Security Scanner. Essentially, the majority of WordPress security plugins come with malware scanners. So if you have one installed on your website, you can simply use it to scan your site.

Scanning your Website for Malicious Scripts

We will use the free scanner provided by MalCare. To start, head over to MalCare scanner and then click on Scan your Site for Free (you may be asked to create an account, do that).

WordPress Malware Scanner

On the next page, enter your website address and then click on the Continue button.

Enter web address in scanner

This will perform a scan on the pages of your website. If the malware is on any page, this tool will detect it.

Sync Completed - no wordpress hacked redirect issue

However, this scanning is basic, and may not detect redirection malware in your web server.

For better results, you should install the MalCare plugin to perform deep scanning on every section of your website.

For this, go to the “Sites” tab and then click on the Install button next to your WordPress site.

Note: Your sites are automatically added here after you complete a scan.

Install MalCare Plugin

Next, select the automatic installation option. You will need to enter your WP username and password to complete this step. So if you are in doubt about entering your site login on a third-party website, you can use the Manual installation option.

Auto Installation - WordPress hacked redirect

If you choose the automatic option, enter your username and password.

Initiate Sync

Click on the Submit button to complete the installation. Once done, you can click on the Initiate Sync button to perform the deep scan on your website. It will also scan through your server files and folders for spam redirect codes.

Plugin Installation Successful

If your website is hacked, you will see an alert similar to the one below.

Security alert - WordPress hacked redirect 

Step Two – Remove WordPress Hacked Redirect

Before proceeding, we recommend you backup your website. A hacked website is still better than no website. This ensures you always have something to go back to if anything goes wrong.

Not sure how to backup your WordPress website? Please refer to this guide for more information on performing regular backups in WordPress.

Fixing this redirection malware manually can be time-consuming because it will be difficult to pinpoint the exact location of the bad code. Fortunately, there are better options available. In this guide, we will focus on the fast and easy ways of fixing this malware.

Hire a Professional

Unless you are a WordPress expert, you are better off hiring an expert to help you resolve the error on your website.

This is because making changes you are not sure of on your website may result in more harm than good. Not to mention the time it will take to debug your entire website.

Fortunately, Fixrunner support offers Malware removal service. When you request this service, all you need to do is sit back and let our experts perform the ninja fix on your website.

We can guarantee you will get your website back online after 24 hours, which is relatively fast if you compare it to manually debugging the malware.

Using WordPress Security Plugin

Ideally, you should have at least one security plugin on your WordPress website. This will save you from unnecessary downtime on your site.

Most WordPress security plugins offer malware removal services for their users. For instance, if you used the MalCare scanner to detect malware on your website, they will provide you with a means to automatically fix the error on your website (see image above).

However, you would need the premium plugin to enable this malware removal. There are other highly effective malware removal plugins available on the WordPress directory.

If you want to avoid the premium payment, you can install the WordFence plugin, use it to run a scan, and then fix the issues found. For more information on this, read our complete malware removal guide.

You may also refer to this post for the best malware removal plugins for WordPress websites.
After removing the malware, you can rescan your website to check that everything is intact.

Manually Resolving WordPress Hacked Redirect

We strongly recommend against going through this route, unless you are an expert WordPress user. If you are a beginner, you are better off using a plugin or hiring a professional to help you resolve the malware.

However, if you still want to manually fix the malware, here is a list of places the malware may be residing.

Firstly, check your wp-config.php and htaccess files for redirection code. A good way to do this is to compare each file with their copy in fresh WordPress installation files.

If any code looks out of place, you need to remove it from the file. However, you should be careful not to remove useful code on the file. This is why you need to be an expert to perform this procedure.

Secondly, check for redirection malware code on your database file. For this, you need to download a backup of your database on PHPMyAdmin, then open the file on a code editor.

phpMyAdmin database - wordpress hacked redirect

Next, copy the URL your site is redirecting your users to. After that, use the search feature on the code editor to search for the URL.

Code Editor - scanning for wordpress hacked redirection code

If you find it, then you can simply delete the link or replace it with your website address.

Another tip for resolving redirection malware is to update your WordPress files. First, run a manual WordPress Update. Afterward, update all the plugins on your website as well as your sites’ current theme.

Finally, perform a thorough audit of your website. If you discover any plugin has not been updated by the developers for a while, you should delete such plugins and look for an alternative.

If you followed the steps listed above, the redirection malware should stop showing on your website. At this point, you can rescan your website to confirm it has been fixed.

Rescan website 

Step Three – Clear Cache Files

If you are using a caching plugin on your WordPress site, then chances are that some users will still see the stored version of your website, which may still contain the malicious code.

To ensure it is completely gone from your website, you need to purge all the cache files from your database and WordPress hosting server.

Most caching plugins have this feature by default. If you are using server-level caching, then you need to clear it from there as well. Kindly refer to our guide on how to clear WordPress cache files.

Step Four – Whitelist your Website on Google Search Console

When your website is infected with the hacked redirect WordPress error, Google may blacklist your website due to potential risk on user data. This means you will lose your site ranking on search engine result pages.

Other search engines such as Bing rely on information from Google. So if Google blacklists your website, you will also be blacklisted on other search engines.

After resolving the redirect issue, you will need to manually appeal on the Google Search Console to have the restriction lifted from your website.

To whitelist your website, go to Google Search Console and then login to your account. Next, select your website and then click on the Security Issues tab.

Whitelist website on Google Search console

If there is any restriction, you will see a list of issues that caused the restrictions on this page. From here, you can appeal the restrictions.

Google will require you to confirm that your site no longer has redirection malware on it. After that, Google will take some time to verify your claim.

If the redirection hack has been resolved, you should get your site back on Google in no time.

Side note: You can use this process to verify your site is clean from the malware. This is because Google will use its robust malware scanner to check your site.

Google will not whitelist your website if there is any trace of hacked redirect malware on your WordPress site. Essentially, it will help you confirm if the hacked redirect has been fully fixed on your WordPress website.

Implications of Hacked Redirect on your Website

Earlier we mentioned that the hacked redirect malware has a tremendous impact on your website. Below are some of the most common and costly effects of this malware attack.

Decrease in SEO Ranking

Naturally, when Google starts to notice a redirection malware on your website, it will notify users on SERP (Search Engine Result Page) that your site is not secure.

Users, on the other hand, will not want to visit an insecure website. That will reduce your click-through rate, and ultimately reduce your ranking on search engines.

Losing your site ranking is one thing. However, it doesn’t compare to having your entire site blacklisted if you do not resolve the error on time.

Low Revenue

Users are generally careful when dealing with eCommerce sites that require entering sensitive credentials such as credit card details.

If your site is infected with the redirection malware, it will cost you a lot of revenue because no user would want to buy from an insecure website.

Ruin Your Brand Reputation

If your site is affected by the WordPress malware redirect, it can ruin your brand reputation. This is because users will generally assume that the fault is from you considering it is your site that led them to the spam site.

Compromised User Data

The hacker may have gained access to your sites’ backend and database before injecting the malware.

When this happens, your site and user data are at the mercy of the attackers. This means the information you store on your server can be breached.

How to Protect Your Site From WordPress Redirect Hack Malware

With all the potential problems this can cause, it is clear that the best move is not to get hacked again in the future.

After restoring your WordPress site from a hacked redirect infection, you can harden it. Below, we will list out some safety precautions to implement on your website.

Install a Security Plugin

A security plugin scans your website for potential malware infection and also protects your site from brute force and DDOS attacks. This is one necessary plugin to have on your WordPress website.

When choosing a security plugin, ensure your plugin of choice also offers firewall protection. This will essentially add an extra layer of security to your website and server. You can check our list for the best security plugins for WordPress sites.

Change All Passwords

It may be possible that one or all of your admin credentials have been compromised. So it is important to change all passwords you use to access your website after removing WordPress hacked redirect infection.

Also, ensure you change your FTP and hosting account passwords. If there are other admin users with access to your website, you should reset those as well.

Always Update your WordPress Site

Quite often, the WordPress team releases security patches to fix a vulnerability issue on the WordPress core. Whenever there is an update, ensure you apply those as soon as possible.

Your theme and plugins should also be up to date if you hope to secure your website from hackers. This is because an outdated codebase may be easy to infect with malware.

Side note: Before updating core WordPress files, ensure you have a backup of your website. That way you can always revert your changes if something goes wrong. Read this guide to learn how to perform regular WordPress backups.

Conclusion – WordPress Hacked Redirect

There you have it, an easy guide on how to restore your WordPress site from a hacked redirect malware attack. If you followed through with the steps we listed above, you should have your site back in no time.

Using WordPress malware removal plugins, you can quickly scan your WordPress site for malware. These plugins will also help you fix the WordPress redirect malware on your website.

You can save yourself the time and stress of manually removing this malicious redirect by requesting our malware removal service. Once we confirm your request, our WP experts will restore and clean your website within 24 hours.

Meanwhile, also check our beginner’s guide on how to secure your WordPress site to tighten your websites’ security.

 This post was written by FixRunner Team

The FixRunner team - an awesome combination of WordPress experts, and technically savvy content creators - are determined to give the WordPress Community a solution to every problem. This diverse team - spanning 3 continents, young and mature, ladies and gentlemen - work seamlessly to keep the wheels running on WordPress sites across the globe.

Last edited by: FixRunner Team