Fix WordPress Redirect Hack


If you visit your WordPress website and it redirects you to another page on the internet that isn’t right, the chances are that your site has been hacked. Attackers introduce this hack by injecting PHP or JavaScript code into a WordPress website. The code creates a redirect once the page is downloaded from the server and loaded in the visitor’s web browser.

Figure: example of malicious JavaScript injection code. Source: https://blog.sucuri.net

The solution to this problem is to remove the old theme and upload a new theme – if the theme is the sole vulnerability.

In the past, I’ve gone to the theme files and manually removed the code by manually sweeping the files one by one. The danger of doing this is that you may not remove all the malicious code.

The official WordPress documentation for hacked websites includes replacing your current theme with the latest downloaded version.
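A manual sweep can be checked by hashing every file in the installed theme and comparing it against a freshly downloaded copy of the same theme version. The script below is an added example, not code from the original post; the function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_theme(installed_dir, clean_dir):
    """Diff the live theme against a freshly downloaded copy of the same version."""
    installed, clean = tree_hashes(installed_dir), tree_hashes(clean_dir)
    return {
        "modified": sorted(f for f in installed if f in clean and installed[f] != clean[f]),
        "added": sorted(f for f in installed if f not in clean),
        "missing": sorted(f for f in clean if f not in installed),
    }


def build_demo(base):
    """Constructed sample data: a clean theme and a tampered copy of it."""
    clean, live = Path(base, "clean"), Path(base, "live")
    files = {
        "style.css": "/* Theme Name: Demo */\n",
        "header.php": "<?php wp_head(); ?>\n",
        "js/site.js": "console.log('menu');\n",
    }
    for root in (clean, live):
        for name, body in files.items():
            path = root / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Simulated tampering (placeholders only): one changed file, one extra file.
    with open(live / "header.php", "a") as fh:
        fh.write("<!-- constructed placeholder for injected code -->\n")
    (live / "js" / "extra.js").write_text("// constructed unexpected file\n")
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_demo(tmp)
        for kind, names in compare_theme(live, clean).items():
            print(kind, names)
```

Files reported as modified or added are the ones to inspect or replace. Legitimate customizations made directly in the theme will also show up as modified, which is one reason to keep them in a child theme.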

You should consider investigating why this happened in the first place.

You should:

  • Update your WordPress core
  • Update your theme
  • Introduce security plugins
  • Change your database passwords
  • Change your WordPress user passwords
  • Change your SFTP passwords
  • Audit your theme and plugins to check there are no vulnerabilities
  • Remove anything from your site that you have doubts about
  • Use a child theme so you can safely update your parent theme

The ultimate solution:

Once you’ve carried out the above, removed the threat and eliminated the possibility of a repeat attack, the heavyweight solution is to host your WordPress website with a company like WP Engine. WP Engine handles security server side, which safeguards WordPress websites and prevents events like this from happening. My company hosts a lot of ecommerce websites with WP Engine, such as ultimatebanners.co, and they make sure this doesn’t happen to sites that they host. A managed website hosting service will alleviate the stress associated with website security management.

Some hosting providers temporarily suspend your website until the threat is removed. Don’t worry if this happens because it is usually temporary. They sometimes insist on you replacing all files on the server and changing all passwords. Each hosting provider has their own rules and their own action requirements.

Before taking any action it’s best to contact your hosting provider for further instructions.


Published by Benny Llewellyn

WordPress Developer since 2006.