Removing Malicious Redirects from a Hacked WordPress Site

Powering over one-third of all websites, WordPress is the most used content management system in the world. Considering how widely it is used, it only makes sense that hackers will attempt to target WordPress sites.

When a WordPress site is hacked, the attackers may add a redirect to your site. This means that when visitors arrive on your page, they are sent to another (potentially malicious) webpage. In some cases, hackers may even attempt to copy the layout of your site on the redirect destination, tricking your users into revealing sensitive information. For this reason, it is important to act quickly and get your website working again as soon as possible.

Need an urgent fix for your hacked website? Contact us!



How can redirects negatively affect your website?

Loss of customers:

When your WordPress site is redirecting to another site without your permission, you are losing potential customers, clients and conversions. Most internet users are good at spotting scams. In fact, the first thing your users will do when redirected is exit your page. This could ultimately lead to them choosing another company over yours.

Negative impact on SEO:

Search engines such as Google place a high level of importance on ensuring that the websites in search engine results pages are safe for their users. When Google detects that your website is redirecting somewhere else, it may automatically penalise the site. This can result in a reduced presence in search results.


How to find and remove redirects:

Attempting to remove redirects from your WordPress website may be difficult, especially if you are unable to log in. Fortunately, we have compiled a list of common places to look for malicious redirects.

1. Edit the .htaccess file

The .htaccess file is a configuration file for your website’s server and is usually found in the root directory of your WordPress site. Inside the .htaccess file is a set of rules determining how your website operates. By editing the .htaccess file, you can add SEO-friendly 301 redirects to your website. However, sometimes a hacker may attempt to take advantage of this.

To access your .htaccess file, either use an FTP client such as FileZilla or use the built-in file manager on your website’s Plesk or cPanel control panel. Open the file using any text editor and look for any of the following snippets:

RedirectPermanent http://your-domain/your-page
Redirect 301 /your-page
Redirect 301 /

By removing these lines of code and saving your .htaccess file, you will prevent the redirection from occurring.


2. Look for redirect plugins

Sometimes, a hacker will install a redirect plugin on your WordPress site. When this happens, they will be able to control where pages on your website redirect to.

To check for redirect plugins, navigate to Plugins > Installed Plugins on your WordPress admin dashboard. From there, look for any redirect plugins. Disable these plugins to prevent redirections from occurring.


3. Check your template files

WordPress has built-in redirect functions which can be used to make your website redirect somewhere else. These functions can easily be embedded in your site’s page templates, causing every page of a specific post type to redirect away from your website. If you are familiar with development and PHP, take a look through your website’s page template files.

Keep an eye out for functions that include the term wp_redirect. If you are unsure where to look, feel free to contact us for help.
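
The .htaccess and template checks described above can be run over copies of the files downloaded from the server. The Python code below is an added example, not part of the original article: it lists every redirect rule in an .htaccess file, marks those that point to a host other than your own, and reports template lines that call wp_redirect. It goes beyond the snippets listed above by also matching RedirectTemp, RedirectMatch, RewriteRule and wp_safe_redirect. The function names, the site host example.com and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Apache redirect directives (mod_alias) and RewriteRule (mod_rewrite).
ALIAS = re.compile(r'^\s*(Redirect(?:Permanent|Temp|Match)?)\s+(\S.*)$', re.I)
REWRITE = re.compile(r'^\s*(RewriteRule)\s+\S+\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
WP_REDIRECT = re.compile(r'\bwp_(?:safe_)?redirect\s*\(')

def off_site_host(target, site_host):
    """Host of an absolute target URL unless it is the site or a subdomain."""
    host = (urlparse(target.strip('"\'')).hostname or '').lower()
    site = site_host.lower()
    if host and host != site and not host.endswith('.' + site):
        return host
    return None

def scan_htaccess(text, site_host):
    """Return (line_no, directive, target, off_site_host) per redirect rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):       # comment line
            continue
        m = ALIAS.match(line)
        if m:
            target = m.group(2).split()[-1]     # destination is the last token
        else:
            m = REWRITE.match(line)
            if not m:
                continue
            target = m.group(2)
            flags = {f.strip().split('=')[0].upper()
                     for f in (m.group(3) or '').split(',')}
            # A RewriteRule redirects with [R] or an absolute-URL substitution.
            if not (flags & {'R', 'REDIRECT'} or '://' in target):
                continue
        findings.append((no, m.group(1), target, off_site_host(target, site_host)))
    return findings

def scan_template(php_source):
    """Return (line_no, code) for each line that calls wp_redirect()."""
    return [(no, line.strip()) for no, line in
            enumerate(php_source.splitlines(), 1) if WP_REDIRECT.search(line)]

# Constructed sample inputs (hypothetical site example.com, not real data).
SAMPLE_HTACCESS = """# BEGIN WordPress
RewriteRule ^index\\.php$ - [L]
Redirect 301 /old-page /new-page
Redirect 301 / http://unfamiliar.example.net/
RewriteRule ^(.*)$ http://unfamiliar.example.net/$1 [R=302,L]"""
SAMPLE_TEMPLATE = "<?php\nget_header();\nwp_redirect( $url ); exit;\n"
```

Rows whose last field is a host name are the ones to review first. Rows with None are same-site redirects, which are often legitimate rules you or a plugin added.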


What if you are locked out of your WordPress site?

Sometimes, it may be impossible to access your WordPress site using your admin credentials. This can prevent you from deactivating plugins, removing unauthorised users and resecuring your site. Fortunately, we can help you to take ownership of your site again.

Our web security specialists have fixed many hacked WordPress websites in the past. This gives us the ability to quickly recover your website for you, preventing you from losing customers.

Contact us today for help fixing your hacked WordPress website.


Protect your site against hacks in the future:

The first course of action after recovering your hacked website is to take preventative measures to ensure it doesn’t happen again. By identifying weaknesses and vulnerabilities in your website’s security, you are able to make it more secure and prevent attacks from occurring in the future.

Remove unfamiliar users:

Upon regaining access to your website, be sure to browse through your users and remove any accounts that do not look familiar. Accounts with administrative access should also have their passwords changed.

Look out for plugin vulnerabilities:

Are you aware that WordPress plugins can greatly affect the security of your site? Hackers will often exploit vulnerabilities in plugins, allowing them to gain control over your website. For this reason, it is best to keep your plugins updated and check this website for newly discovered vulnerabilities. Turning off any plugins you are not using will reduce the chances of your site being targeted due to vulnerabilities, allowing you to stay safe.

Upgrade your hosting:

Even the most secure WordPress installations can fall victim to bad, insecure hosting. When a website’s server is successfully attacked, the attackers gain access to all of the files stored on it. This can lead to them gaining access to the backend of your website.

By upgrading to secure hosting, you are preventing people from gaining unauthorised access to your website. Our hosting options place a high level of importance on security, meaning your website should always be safe from hacks. With 99.99% effectiveness, our powerful firewall and IPS system stops attacks on your website before they can even start.

Learn more about our hosting