This article provides you with steps to clean your hacked website where it redirects to another spam site.
Scan your WordPress Website
- Scan your website using an online Malware scanner like https://sitecheck.sucuri.net/
- This will report on any malware added to your site so you may know where to start cleaning.
Google Safe Browsing
- This tool that alerts the webmasters when their websites are compromised with unsafe content or malicious files.
- You can use this tool to diagnose your website for surreptitious malware and resolve it.
- Go to http://www.google.com/safebrowsing/diagnostic?site=example.com (where example.com is your website URL).
- When you press ENTER, it will provide you the Safe Browsing status of the website with the unsafe content found on your website.
Locate the Suspicious Code
In case your website is suddenly redirecting to an anonymous website(s), you need to take a look at the following areas for suspicious code:
- Core WordPress Files
- Your website’s index file (check both index.php and index.html!)
- .htaccess file
Removing Bad Code
- In case your website has been injected with malware, you'll need to remove the malicious scripts that caused the redirection to the abusive websites.
- If the attackers created new pages with malicious code, you can remove them from Search Engine Results altogether by going to Google 's Search Engine Console and using the Remove URLs Feature.
- Next you should update the theme, plugins, and install any new core updates that are available. Make sure everything is as up to date as possible.
- This will reduce your website’s vulnerabilities.
- Finally, change all of the passwords on your website.
- Not just the WordPress Administrator Password, you also need to reset the passwords for your FTP Account, Regenerate WordPress Salt Keys, Database(s), Hosting, and anything else related to your website to ensure the security.
Protect website from future WordPress Malware Redirects Hacks
- Website owners can implement some (if not all) of the WordPress recommended security measures.
- Manually implementing these measures would require some amount of technical expertise.
- Instead, it’s better to use WordPress security plugins like WordFence, BulletProof Security, Sucuri Security to mention a few.