Visitors Getting Redirected To Other Websites? How to Detect and Fix This Problem?
Are you hearing your customers complain about being redirected to other websites while accessing your site? Or, do search engine results for your site link to illegal sites? If your answer to either question is yes, your WordPress site could be infected with a Redirect Hack.
How does the WordPress Redirect Hack work? In simple terms, hackers insert malicious code into your WP installation files and database tables that redirects your users to other malicious or phishing sites. That sounds easy to fix, doesn’t it?
Unfortunately, that’s not the case. What makes this hack particularly challenging is the unending list of complex and unique malware variants like WP-VCD, Pharma hacks, Backdoors, etc. that infect your website in different ways.
What are the common symptoms of a redirect hack on your website, and how do you get rid of it? Let’s find the answers to these questions below.
6 Common Symptoms of a Redirect Hack
First things first, before we understand how to remove this malware, it’s important to confirm if your website has been infected. Watch out for these six common symptoms to confirm if your website has been compromised with a redirect hack:
- The obvious one – your visitors are being redirected to other unsolicited websites
- When you search for your website on Google, it flags your site as spam
- Your hosting provider has suspended your website
- There are many unidentified push notifications added to your site
- Your index.php installation file contains malicious JavaScript code entries
- You find unidentified and malicious code in the .htaccess file of your installation
- Your web server contains a few unidentified files with gibberish or suspicious names
Among their latest tricks, hackers also insert bit.ly links on your website – instead of the regular malicious URLs – that are harder to identify.
Whatever the type of redirect hack, you cannot afford to lose any time in getting rid of it. SEO rankings, website traffic, conversions, brand reputation – you stand to lose all of this the longer you delay taking action.
How to Fix the Redirect Hack Problem
Once you have confirmed the problem, it is time to fix it. Here are the two most effective ways of dealing with the WP hack redirect problem.
Before you try out either of these methods, we suggest you take a complete backup of your installation and database. If you don’t want the hassle of a manual backup, you can use automated backup plugins like BlogVault that can back up in minutes – without overloading your server.
Manual Method
We recommend this method only if you have previously worked with the WordPress backend or installation files. That being said, this method can involve considerable time and effort – even for seasoned experts.
The manual method involves implementing each of the following five steps in the right order:
1. Scanning your core website files to see if they have been infected with any malicious code.
a) Check the current version of WP that you have installed.
b) Log in to your current installation using an FTP tool like FileZilla.
c) Next, download the entire installation folder of your WP site.
d) Download a fresh and original copy of the same WP from the WordPress.org repository.
e) Perform a file-wise comparison of your infected WP installation with the fresh copy using Diffchecker or Astra tools. If any core files between the two sets do not match, then replace your core file with a fresh and clean version.
2. Removing any hidden backdoors from your infected website. Backdoors are malware that hackers embed in your site to regain access even after it is cleaned. Here’s how you can clean them –
a) Manually search your website files for PHP functions like eval, base64_decode, preg_replace, or str_rot13.
b) Remember that these PHP functions are also used in legitimate code – so take care to remove only the malicious code that uses them, without breaking your website.
3. Now, check for any new WP Admin users that have been added to your WP list of users. If you find any such unidentified or unknown admin users, remove their user accounts, and modify all your existing admin users’ passwords.
4. Once that’s done, scan all your installed plugins and themes to see if any of them have been infected. This is like Step #1 and involves the following steps:
a) Use the Diffchecker tool to compare your installed plugins and themes against their original files (from the plugin/theme repository or the developer’s website).
b) Search for any hidden backdoors in the plugins/themes – as discussed in Step #2.
5. Lastly, search for malicious code in your database, as this is another way hackers infect your website.
a) Sign in to a database management tool like phpMyAdmin from your hosting account.
b) Select your database table and search for keywords like
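
Steps 1, 2 and 4 above can be scripted once the infected copy and the fresh copy are both on your machine. The following Python script is an added example, not part of the original article or of any tool it names: it hashes both folders, lists files that differ from or are absent in the fresh copy, and flags which of those PHP files call the functions named in step 2. The function names (file_hashes, audit, demo) and the sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Function names listed in step 2. A match is a lead for manual review, not proof.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|preg_replace|str_rot13)\s*\(")

def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(installed, clean):
    """Compare the downloaded site copy against the fresh copy of the same version."""
    inst, ref = file_hashes(installed), file_hashes(clean)
    modified = sorted(f for f in inst if f in ref and inst[f] != ref[f])
    unexpected = sorted(f for f in inst if f not in ref)
    flagged = {}
    for rel in modified + unexpected:
        if rel.endswith(".php"):
            names = SUSPICIOUS.findall((Path(installed) / rel).read_bytes())
            if names:
                flagged[rel] = sorted({n.decode() for n in names})
    return {"modified": modified, "unexpected": unexpected, "flagged": flagged}

def demo():
    """Run the audit on two tiny constructed trees (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "wp-includes").mkdir(parents=True)
            (root / "index.php").write_bytes(b"<?php require 'wp-blog-header.php';\n")
            (root / "wp-includes" / "load.php").write_bytes(b"<?php // core\n")
        # Constructed tampering: an appended line in index.php and an extra file.
        with open(site / "index.php", "ab") as fh:
            fh.write(b'eval(base64_decode("ZWNobyAxOw=="));\n')  # decodes to: echo 1;
        (site / "wp-includes" / "xk3q.php").write_bytes(b"<?php echo str_rot13('uv');\n")
        return audit(site, clean)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real site, wp-config.php and everything under wp-content/uploads will be reported as unexpected because a fresh core download does not contain them; review those files by hand rather than deleting them.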