1. Scan WordPress Website

 

https://sitecheck.sucuri.net/

 

Google Safe Browsing is a tool that alerts the webmasters when their websites are compromised with unsafe content or malicious files.  You can use this tool to diagnose your website for surreptitious malware and resolve it.

 

·        http://www.google.com/safebrowsing/diagnostic?site=

·        Insert your website url in the above mentioned link and press ENTER. For example –

·        http://www.google.com/safebrowsing/diagnostic?site=example.com

·        When you press ENTER, it will provide you the Safe Browsing status of the website with the unsafe content found on your website.

 

 


2. Locate the Suspicious Code

 

In case your website is suddenly redirecting to an anonymous website(s), you need to take a look at the following areas for suspicious code:

 

·        Core WordPress Files

·        Your website’s index file (check both index.php and index.html!)

·        .htaccess file

 

 

 

3. Removing Bad Code


 

https://fixmywp.com/wp-content/uploads/2017/01/Google-url-removal-tool.png


In case your website has been injected with malware, you'll need to remove the malicious scripts that caused the redirections to the abusive websites.

If the attackers created new pages with malicious code, you can remove them from Search Engine Results altogether by going to Google 's Search Engine Console and using the Remove URLs Feature.


Next you should update the theme, plugins, and install any new core updates that are available. Make sure everything is as up to date as possible.

This will reduce your website’s vulnerabilities.

 

Finally, change all of the passwords on your website. 

Not just the WordPress Administrator Password, you also need to reset the passwords for your FTP Account, Regenerate WordPress Salt Keys, Database(s), Hosting, and anything else related to your website to ensure the security.

 

 

https://fixmywp.com/wp-content/uploads/2017/01/WordPress-Salt-Keys.png

 

 

4. Protect Website From Future WordPress Malware Redirects Hacks

 

Website owners can implement some (if not all) of the WordPress recommended security measures

Manually implementing these measures would require some amount of technical expertise. 

 

Instead, it’s better to use WordPress security plugins like WordFence, BulletProof Security, Sucuri Security to mention a few.