Podcast: Fix WordPress Redirect Hack Link
The solution to this problem is to remove the old theme and upload a new theme – if the theme is the sole vulnerability.
In the past, I’ve gone to the theme files and manually removed the code by manually sweeping the files 1 by 1. The danger of doing this is: you may not remove all the malicious code.
The WordPress official hacked website documentation includes replacing your theme with a the latest download version to replace the current theme.
You should consider investigating why this happened in the first place.
- Update your WordPress core
- Update your theme
- Introduce security plugins
- Change your database passwords
- Change your wp user passwords
- Change your sftp passwords
- Audit your theme and plugins to check there are no vulnerabilities
- Remove anything from your site that you have doubts about
- Use a child theme so you can safely update your parent theme
The ultimate solution:
Once you’ve carried out the above and removed the threat and eliminated the possibility of a repeat attack… the heavy weight solution is host your WordPress website with a company like WpEngine. WpEngine handles security server side which safeguards WordPress websites and prevents events like this from happening. My company hosts alot of ecommerce websites with WpEngine such as ultimatebanners.co and they make sure this doesn’t happen to sites that they host. A managed website hosting service will elevate the stress associated with website security management.
Some hosting providers temporarily suspend your website until the threat is removed. Don’t worry if this happens because it is usually temporary. They sometimes insist on you replacing all files on the server and changing all passwords. Each hosting provider has their own rules and their own action requirements.
Before taking any action it’s best to contact your hosting provider for further instructions.