What is a WordPress Redirect Hack & How to Remove It

Imagine this – after months of persistent and sustained effort, just when your website is finally beginning to show SEO results, your visitors are being redirected to other sites.

What’s worse is that these redirects are to malicious and illegal websites. Besides severely damaging your brand reputation and customers’ trust, this also compromises their security. Unfortunately, this is just how WordPress Malware Redirect, one of the most common WordPress hacks, works. 

In this article, you will learn more about this malware, how you can fix it on your site, and what you can do to protect your site in the future. Let’s get started. 

The Contents

  • What are the Common Symptoms of Redirect Malware?
  • How the Redirect Hack Affects Your Website 
  • How to Remove the Hacked Redirect Malware
  • Conclusion

What are the Common Symptoms of Redirect Malware?

The main aim of the WordPress Redirect malware is to redirect visitors to spam or phishing websites to generate false advertising impressions. 

How do you confirm if your website has indeed been infected with the malware? Besides the complaints from your customers, here are some common symptoms:

  • You receive complaints from your customers who are being redirected to another external website.
  • Your website is flagged as “spam” by Google – or even blacklisted.
  • Your home page contains automatic push notifications that you have not added. 
  • The index.php and .htaccess files in your WP core installation contain unidentified and malicious JavaScript code.
  • Your WordPress hosting server contains many junk files with suspicious file names.
  • You may find malware code injections in the header.php and footer.php file of your installed theme files – that redirect your visitors to other domains like default7.com or test246.com.

While diagnosing this malware is fairly easy, what’s challenging is fixing it. This is because hackers keep innovating to develop new and sneakier variants that impact different parts of your website in different ways – making them much harder to detect. 

This malware also creates WP user accounts with admin privileges, so getting this malware off your website is critical. Which brings us to the next part – how you can clean up your website to get rid of this hack. 

How the Redirect Hack Affects Your Website 

While these may seem obvious, here are just some ways in which this hack can derail your business:

  • A significant loss of traffic and engagement due to loss of traffic
  • Damage to your hard-earned online reputation and brand trust – your redirected visitors are unlikely to ever return.
  • Impact on your Google SEO ranking – leading to more loss of incoming traffic 
  • Additional downtime – after being suspended by your web host or blacklisted by the Google search engine.
  • Blocked access to your WP Admin dashboard that could prevent you from acting quickly.

How to Remove the Hacked Redirect Malware

There are both manual and automatic methods to remove the Redirect malware from your website. 

You can do this:

  • Using a plugin
  • Using a manual method

Using a WordPress security plugin

This is an easier and more fool-proof method. Security plugins like Sucuri and MalCare have evolving advanced algorithms designed to detect the latest malware variants, which are well-disguised by hackers.

They perform deep automated scans at periodic intervals, so you can take action before too much damage is done. 

 

malcare homepage

(Source: MalCare)

 

For instance, you can use the MalCare security plugin to scan and even remove the malware from your site in a few clicks and in under ten minutes.

Here’s how:

First, register on MalCare and install the plugin on your site from the MalCare dashboard.

Once you have successfully installed the plugin, it automatically starts scanning for the Redirect malware on your website. This will take a few minutes, at the end of which you will see a screen like the one below.

 

malcare scan

 

You can view the total number of infected files found in your WP installation and database. The next step is to click Auto-Clean, which scans every line of your installation and database to remove the malware code from the affected files. 

At this stage, you’ve eliminated the current infection from your site.

But as with all things security, it’s better to be safe than sorry; the next hack is always around the corner.

The best way is to harden your website against future attacks by hackers. WordPress recommends a set of expert-recommended WordPress hardening measures that limit both the ways hackers can access your site and the damage they can inflict if they do manage to break in. 

You can use MalCare to enable these features, which otherwise need a fair bit of technical and WordPress know-how.  You can do this through the dashboard – in a few clicks. 

 

malcare apply hardening

 

Using a manual method

Before you begin, you should know that this method means a significant investment of both time and effort. You would also need to have the necessary expertise in WP installation files and database tables to execute this independently. 

Pro-tip: Back up your website files and database tables, so you have something to fall back on in case of issues.

You can either do this manually or install a backup plugin like BlogVault that automates and shortens this process. This ensures that you back up all elements of your site and have an easy automated process to restore your site when you need it. 

Here are the steps to manually clean your site:  

1. Check and clean your Core WordPress: Using cPanel in your host account or any FTP tool, download your WP installation folder.

  • Next, download a fresh and clean copy of the  WordPress version that your site is currently using from WordPress.org.
  • Use Diffchecker to compare all the core files and folders of your website installation against the freshly downloaded version. Remove the modifications (code changes or file additions)  in your installation copy.
  • Using cPanel or FTP, upload the cleaned WP version to your hosting account.

2. Check and clean your plugins and themes: The next step is to check for any redirect malware on your plugins and themes

This process is similar to that for Core WordPress files – as discussed above – by comparing the plugin files in your installation with the original version.

As you can see, both these steps are repetitive and time-consuming – given that you need to run through each file to check for changes. 

3. Check and clean your database: Next, you need to scan for any redirect malware in your database tables. Hackers can also insert spam keywords like eval, base64_decode, or <script> into your database.

Like Step 2, you need to scan every database table using any database management tool like phpMyAdmin.

4. Remove backdoors: The next step is to scan for any backdoors in your installation folder.

Backdoors are entry points that hackers leave to regain access to your site. For this step, search your site for malicious PHP functions such as eval, base64_decode, preg_replace – where hackers typically leave behind backdoors.

This can be tricky, though – identifying these malicious functions needs a trained eye, and inadvertently deleting functions can cause your site to malfunction or crash.  

5. Remove unidentified accounts: The last step is to search and remove any unidentified admin account that hackers may have added. 

You can do this from your WordPress > Users panel that lists all your current users. After removing unauthorized user accounts, make sure you reset all the user passwords and change your security keys.

Conclusion

We hope this article has helped you with a better understanding of the Redirect Hack and equipped you with the knowledge and tools to secure your website from it.

This hack is one of the most ubiquitous and yet, most damaging hacks out there. 

You should also read some of our popular WordPress security articles:

  • Best WordPress Security Plugins
  • How To Optimize WordPress Database 
  • Do This When Wp-admin Redirects to 404 error

Are there any other steps you have taken to tackle this issue? Any other solutions that you recommend? We’d love to hear from you. Let us know in the comments below. 

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *