Have you found that your WordPress has started redirecting to another website recently? In most cases, this means that your visitors are being redirected to obscene or spam websites and this is the result of being hacked. If this has happened to your website, then it is absolutely crucial that you fix it immediately. 

Thousands of different WordPress hosted websites have been infected with malicious code and JavaScript in the past months, with a dramatic spike in January. These hackers exploited vulnerabilities found in a number of different plugins on WordPress sites, with the most popular being the Contact Form which is used alongside PayPal. 

Whether it be an outdated software, weak password or a flaw or glitch in a currently installed plugin, hackers use these gateways to gain access to a vulnerable website. Once the hackers have accessed the website, they are then able to flood the site and code with JavaScript so that it sets off numerous spam redirects to fraudulent sites where visitors are then tricked into inputting their personal information via “survey for gift” schemes, which then installs the infected malware. 

Unfortunately for site owners, the JavaScript used by these hackers is then able to make further changes to any existing WordPress files by using the /wp-admin/theme-editor.php extension. This is a way of adding further malware, such as PHP backdoors and hack tools so that they can maintain unauthorized access.

How to spot if your website has been affected

If you have noticed this happening on your website, then this is, unfortunately, a result of your website being hacked. If this has happened, then it is vital that you try your best to solve this issue immediately and take back control of your website. 

If you are pressed for time and need to also clean up your website, then there are some automated malware removals which can do this, but in order to stop this from happening again in the future, you need to understand what has happened and why. 

The security of your website is important and particularly more so if it is hosted on WordPress. This is because WordPress is a popular hosting choice for many websites, with around 35% of all worldwide websites being hosted on there, so is a popular choice for hackers. According to a recent study, 90% of all WordPress websites have been infected with malware. 

How do hackers cause a website to redirect?

There are a few tricks which hackers use in order to get access to your website. Some of the most common ways are:

  • Adding themselves as a ghost admin onto your website
  • Changing the homepage URL
  • Adding malicious malware onto your WordPress database and files

In most cases, visitors will find that there are being redirected to another website before they land on the homepage of your website. The tricky thing about these kinds of hacks is that they can lie unnoticed and dormant on your website and unless it is bought to your attention, you might be hacked for quite some time. 

If you have noticed that your website is redirecting, then you need to rectify it immediately, Redirects can have hugely damaging impacts on your website and your visitors and can lead to very severe repercussions. 

Why you should worry about malicious redirects?

A malware hack which causes redirects can lead to severe and sometimes irreversible damage to your website for a number of reasons.  

Your SEO will be affected

It is no easy task to get your website ranking on search engines and can take a lot of time and effort. Once your website is hacked in this way, hackers will then use your SEO efforts to cause even further damage. 

Your traffic will drop as your visitors are redirected to malicious sites and hackers can place links inside your website, meaning that if a visitor was to click on it, they’ll be redirected. A malware hack can cause Google to penalise your site for bad backlinks, and recovering your SEO can take months. 

Google may blacklist your website

Google prioritises the safety and experience of users above all else. If your website is putting users at risk, then Google may well blacklist your website. Visitors who try to visit your website will be shown a warning sign from Google informing them that the website is at risk, or they will be blocked from entering the website. 

Your brand image will be affected

One of the worst parts of being hacked is that your brand image, which you have worked so hard to build, can be shattered in a moments notice. In the majority of cases, customers who see that a website has been hacked are very unlikely to return. 

How to clean and detect malicious redirects

Your website is redirecting because of the infected codes which the hackers have added. To remove these redirects, you need to find where the malware and code has been hidden and remove it. But, the issue with this is that this could be hidden anywhere, from your database, “.htaccess” file or even discreetly hidden in your uploads. You can scan your website, either by using a security plugin or by manual search, to find the malicious code.

Manual scanning

During a manual website scan, you may find yourself looking for known patterns of code which are often used in a malicious way. Should you find a snippet of this code, then it can be easily removed, but the problem with this method is that it will only ever match a known pattern. This part of the code can be used in a number of different patterns and can be a relatively tedious process. 

Keyword identification

Another way that you can search for malicious code is to search for known keywords which are commonly used within malicious code, such as “base64_decode” and “eval”. One of the drawbacks when using this method is that, like manual scanning, you can find that these keywords can be used to form legitimate code. A lot of plugins, especially on WordPress, so searching for these isn’t a foolproof plan. 

Matching plugin files

Another way that you can search for malicious redirects on your website is by matching the plugins you have used. Make a list of the different ones installed on your website and then download the same plugins again from the repository. Then you can match the two to look for any differences to spot where the code is hidden. This is a highly effective, but time-consuming, way to search for and identify malware. There are a number of versions of plugins and not all of these are available for public use, so modifications may have been made.

In an ideal world, you should use a trusted security plugin to scan your site and files for malware and this should then deal with the additional task of cleaning your website too.

Protecting your website from future malicious redirects

By simply just locating where the malware is on your website and cleaning up the site, you are not protecting your website against any future malicious hacking attempts. It is vital that you take security measures for your website seriously so that it is protected from future hacks and attacks. There are many recommended security measures across all CMS’, which means that website owners can implement some of, if not all, of those recommended. 

Manually implementing these measures onto your website may take some form of expertise, especially if you are not too sure as to what you are searching for. You can use some of the WordPress security plugins and features as a first measure to protect and fix your website and then get a professional to look into it further. 

This is particularly important if you work with other businesses and websites who’s information may also be vulnerable or if you are an investor. Ideally, you should always carry out technical due diligence in these cases – remember that bad technology and practises will guarantee failure. 

What next? 

Moving on from your website being hacked in this way can be quite a stressful and time-consuming period, especially if your website is your means of income. You should ensure that the modification of the primary files on your website are disabled so that you can prevent any future hackers from inserting malicious files and code onto your site again. This should be done as part of your website’s best practices and security hardening steps

If your web host suspended your account following your website being hacked and removed your website, then you can get in touch with the support team and explain the situation to them. You can send them screenshots along with any other important information which they may require. They can verify your website and, once they have the information which is needed, they will un-suspend your account. 

Every website owner should bear in mind that having a website and presence online which can store valuable user data and information is a big responsibility and one which shouldn’t be taken lightly. Data is a hugely valuable commodity these days and is what hackers are looking for when they carry out these attempts on websites. Take time investing in your website’s security and ensure that you have reliable backups and effective security measures in place to make sure that your website is fully working. 

Submitted by guest author: Natalie Wilson is a freelance writer for many business and technology publications. With a wide range of knowledge in the sectors, she is an avid researcher and writer in the field, taking particular interest in Northern tech brands.. Having worked with a number of different businesses, Natalie is now a freelance writer looking to specialize in the sector. You can connect with her on Twitter @NatWilson976.


Alex is a writer and content marketing specialist. He is currently working for Breakline, a UK based SEO Agency.