WordPress Hacked: Redirect – WordPress Site Redirecting to Another Site
WordPress hacked? And is your current WordPress site redirecting to another site? If you are one of the victims of the WordPress redirect hack, you are at the right place. We will here see how you can stop your website from redirecting it to another website.
Overview of WordPress hacked redirect issue
Before we get into the steps to solve this, we will first see something about this issue. Normally, when a WordPress website is hacked, it will redirect you to a spam website or it will redirect you to some ads website. The primary goal of the attacker is to increase the spam on your website and eventually put your website into the blacklist.
They use a code to redirect the website to another website. You will sometimes see a webpage that only has ads or it will redirect your website to some adult website. The chances of website redirection are limited. Hence, only a few visitors to your website will be redirected to other websites. This is only done to confuse you.
However, the attacker might also redirect all the visitors to a new website. Either way, you will have to fix the website and stop the redirection.
We will see some of the most popular ways to stop the redirection and clean your WordPress hacked redirect website.
Restore from the backup
One of the easiest things you can do to restore the website is to restore the backup. If your website is big and you are getting daily visitors, you would surely be having the backups. You can restore the most recent version of the backup. It might remove a couple of things that you updated but it is the best option if you don’t want to waste your time in solving the issue.
If you are using one of the backup plugins, you can simply restore it from there without any issues. However, if you are not using any plugins, you can restore it from the cPanel. Most of the popular hosting providers offer you automatic regular backups. So, you can restore one of the versions from it.
Also, if you used softaculous to install WordPress and you had enabled the backup option, you can restore the backup from Softaculous. All you need to do is open Softaculous and go to the backups option from the top. You will see all the backups there. You can restore the most recent one. Moreover, you can also go to “All installations”, find your website, and click on the backup option beside the website name.
If nothing works, you can surely contact your hosting provider, they might have a backup. Also, you can address them the issue to them and they might be able to help you out.
Moving on, now we will see how you can restore your website to the normal and working state.
Scan the website
The first thing that you need to do is scan the entire website for the error code. Many tools will scan the WordPress website.
You can use WordPress plugins like Sucuri or you can use online scanners such as VirusTotal. Further, you can log in to your cPanel or hosting account and run a virus scan from here. cPanel and mostly all the other hosting panels provide you the virus scanner. Using that tool, you can scan the entire website for viruses and malware. You will be able to see the infected files after the scan.
Please note that you need to scan the entire home directory if you want to get the details of each of the viruses and malware. Thereafter, it will fix some of the files and will warn you about the rest of the files. You will have to note the names and the location of all the files.
It will have the exact location of the file. You can just keep a note of all the files.
Analyze and clean the infected files
Now, your job is to analyze and clean the infected files. You will have the complete list of the files that are infected. You can open each of the files one by one and check for the suspicious code. The suspicious code is usually encrypted. S, if you find any of the encrypted code inside the files, you can try removing it.
Also, if the files represent any of the themes and plugins, you can simply try replacing the files with the original one. For instance, if you have the infected code in a theme, you can download a fresh copy of the theme from the theme directory, find the fresh copy of infected files, and then replace the infected files with the original one. In this way, you will automatically remove all the unwanted code and files.
Do the same procedure with all the files that are infected. You will have the list of the files that are infected from the previous step, you just need to check the files. Please note that you won’t find the exact URL of the website where your website is being redirected. Normally, it will be an encrypted code.
Once you have properly checked and cleaned the files, you will have to make sure that the files are cleaned. For that, we recommend you to rescan the website for the virus. In simpler words, do the previous step again to find out if any more files will put your website at risk.
Also, if you find any of the infected files again in the rescan, you need to fix those files too. If you didn’t find any, you can proceed to the next section that is checking the header and the footer files of the theme.
Check the header and footer
Most of the time the redirect code is infected on the header file or footer file. It is the theme footer and header where the code is injected. If you check these files, your problem will be solved.
You can simply check the header and the footer of the current theme and see the problem. You can head over to wp-content and open the themes folder. Inside it, you will see the header.php and footer.php file.
There will be an encrypted code inside it which you will have to remove. You can right-click on the file and select code-edit.
Alternatively, you can also replace these files from the fresh files. Just download the theme from the source and replace the header and footer files.
Also, if you are using a custom plugin to insert header and footer code, you will have to check them.
Now, your next job is to check the functions.php file of your theme. Do the same procedure as you did in the header and footer files. It will then remove all the files and you will be all set to proceed to the next step.
Replace the core files
One of the wise decisions here would be to replace the core files. If your website is being redirected to someplace else, you will need to replace the core files. For that, you can simply open your WordPress dashboard and head over to the updates option (from Dashboard > Updates). Inside it, you will see the option to reinstall WordPress. You will need to click on it and it will reinstall WordPress.
Your website will be in the scheduled maintenance mode for a few seconds. Once it reinstalls WordPress, all the core files would have been replaced. So, you will have the fresh core files in your WordPress directory.
Now, all you need to do is check the website again to see if the redirection is gone or not. There are good chances that the redirection will be gone by now. It is recommended that you visit the website a couple of times to know the exact results.
The attackers would have set the percentage of times on how times the website will be redirected. For instance, if they have set 10% then out of 100 visits, only 10 visits will be redirected to a different website.
So, it is always a great idea to test the website a couple of times and also use various other devices to know the results. If it works, you can still proceed in this post and do the rest of the things for better security.
Deactivate the plugins
The next method you can use to clean your redirecting website is by deactivating the plugins one by one. If none of the above technique works, the fault would be on the plugins or themes. So, the best solution here is to deactivate the plugins and see if the problem is solved or not.
You can do the same thing with the themes too. Later on, you can activate all the plugins one by one to see which plugin is causing the problems. You can first active a set of plugins and see if the website is working and then you can do the same thing. In this way, it will be easier for you to check all the plugins for the malware and virus.
If you are still not able to detect the problem, you can do the same thing with the themes. Switch to the default theme and see how it goes. If the problem is solved then you can replace the theme files with the original one. In this way, you can easily solve the entire redirection problem.
But wait a minute, the main problem isn’t yet over. If your website was redirecting to a spammy domain for a long time, even Google might have detected it, right? It would have affected your rankings and the way Google fetches your website. So, you will have to fix that too.
Remove the bad code from Google
So, as we have already mentioned, now you will have to remove the bad code from Google. You can easily remove the code from Google, it looks like a big deal but it is not a big deal.
You can open your Google console and see the warning messages over there. You will see the complete error log; you will have to fix those. Now, you can enter the URL and then inspect the URL with it.
If your website is more infected, you will have to remove it from the webmaster tool and then request to reindex.
You will have to open your Google webmaster tool. You can then go to the removal section. From there, you can enter the infected URL, and Google will remove the URL from it. You can then reindex the website on Google.
In the same way, you will have to resubmit the website in other search engines too if you have a webmaster account there. The webmaster account is needed for the same purpose and you can resubmit the website to find it out.
To conclude, this was all about the WordPress redirection issue and how you can fix the website that is redirecting to another website. Further, you need to make sure that you are using the right security plugins to keep the website secure. If your website is infected too much, you should get the website maintenance service which will help you in recovering the entire website easily. Further, you should take regular backups which will help you to recover the website when something like this happens.
Make sure you do the entire procedure in all the websites that are hosted on your server. Some of the malicious code will infect the entire server and hence, your other websites might also get infected. Overall, you need to make sure that you remove all the demo website. Use strong passwords and keep the admin account secure. If you keep all the security measures, your website will be safe. In most cases, the redirection issue is caused because you installed themes or plugins from an unknown source. So, make sure you only install the plugins and themes from a trusted source.