If your website was hacked there are more chances that attackers might insert malicious code that redirects your website to phishing or malware websites to grab traffic, that’s just adding insult to injury – and can really damage your website reputation.
Check for Malicious Codes Inserted in WordPress site
f your WordPress website is infected with malicious redirects, check the following areas for suspicious code:
- Core WordPress Files
- .htaccess file
- theme files
- header.php (in the themes folder)
- footer.php (in the themes folder)
- functions.php (in the themes folder)
Few instances of malicious code presence which resulted in randomly redirects visitors to malicious sites on hacked WordPress sites.
WordPress website is redirecting to another website how to fix?
1.Restore your backup file.
Most of the hosting offers regular backup of your wordpress website. You can restore the backup file yourself or ask your hosting team to restore the backup for your. Once backup process is done check if the issue still exist. If the result is same or you don’t have a backup then follow other solutions.
2. Scan your wordpress website
There are various ways of checking your site and in any case you find that your website has been hacked with a malicious script, you need to generate a complete backup of your website. While removing malware from wordpress site you might make any mistake and then that backup acts as your savior. Once you have backed up your complete website, you’re ready to run a website scan using a WordPress Malware Scanner.
3. Find the Malicious Code
There are number of places where you can locate the malicious code on your website.
- In case, the website is redirecting to an anonymous website(s), then look for the suspicious code in the following areas:
- check both index.php and index.html!
- .htaccess file
- In case your website is triggering visitors for downloads, please have a look at out the following places:
- Your website’s index file (Check both)
- Your theme’s files
4. Removing Bad Code
You’ll need to remove the malicious scripts that causes website redirection to the abusive sites. The malicious code with the new pages can be removed from the Search Engine Results together by using the remove URLs feature and by going to Google’s Search Engine Console. Also, update the plugins, themes and ensure the new core theme is installed plus up-to-date. Change or reset the passwords.
5. Submit Malware reconsideration request using Search console if your site is flagged.
- Login to Google search console
- Verify your Website ownership
- Click on Site > Dashboard > Security issue
Here you will see list of URL, google is suspecting that is infected with malware. Once you have cleaned all hacked files and your website is malware free, simply click on request a review, and add notes in the form of actions you have taken to remove the malware.
4. Hire a WordPress expert for cheap
If you don’t have deep knowledge of wordpress backend, the you can hire a wordpress expert for $5 to $10 to fix your website at fiverr. You just need to signup and find a wordpress expert and your issue will be fixed in 24 hours.
Plugins to Help Test and Clean Your Site
Here are some WordPress plugins which can detect infected files:
Keeping Your Site Secure
In order to keep your site secure you need to make sure you follow the guidelines found below:
- Have your WordPress site core files updated.
- Have your themes and plugins updated.
- Use a Safe Secure WordPress Hosting Service, if possible choose one which can Manage your WordPress Site instead of just from Hosting it.
- If you choose to use a reseller hosting account under a non WordPress Friendly Hosting Provider then you should avoid adding sites as addons under your main account. You can setup those sites in a separate site account.
- Remove any inactive themes or plugins you don’t plan to use in your site.
- Review your WordPress plugins and themes and make sure all of them are recently updated by its developers, if not you should seek some alternatives and remove them from your WordPress Site.
- Never install nulled themes or plugins.
- Keep one or two admin accounts, downgrade the rest of your admin users into an author or an editor.
- Remove all dev/demo setups of your WordPress installation outside your public directory.
WordPress Malware Removal Services
FixMyWP has successfully cleaned more than 2000 WordPress sites already while its success rate is 100%. If you don’t have time or the expertise to scan and clean your WordPress site from a Malware Redirect hack then we can clean it for you.
This is a priority service that will restore your WordPress Hacked Website in a day or less while we are going to offer you a 30 day guarantee period. If your website is hacked again during the guarantee period we will clean it Free of Charge.