How to delete redirects in an infected WordPress?
About 30% of Internet websites use WordPress, making it the most popular CMS in the world. Unfortunately, the incredible popularity of WordPress has one major drawback: it makes the platform very attractive to hackers. A common attack vector used against WordPress websites involves file compromise so that the website automatically redirects users to another location. in this tutorial you will learn how to remove this redirect.
How does redirecting an infected WordPress work?
There are many types of malicious redirect techniques used on WordPress websites. The most common include:
1-Edit the .htaccess website
Each WordPress website has an .htaccess file located in the folder where WordPress was installed. WordPress uses this file to change the way the web server processes files. It is also used to create the pretty permalinks used by WordPress. Hackers accessing your server can modify this file to add malicious redirect. The redirect would send all visitors to another website. Hackers could also add additional .htaccess files containing malicious redirect to other locations, such as / wp-content or / wp-includes.
Editing WordPress PHP files
WordPress often contains malicious redirects in PHP files, including index.php , header.php , footer.php and functions.php . Hackers target these files because they are often executed by WordPress. Hackers could also modify the header.php file of your WordPress installation using a coded string and the eval () function of PHP.
Install a plugin or theme that modifies other files
Another common way for a malicious redirect to infect a site is to ask the website owner to unintentionally install an infected plugin or theme. The solution to this type of attack was to remove the plug-in and restore the old .htaccess from your website.
How to disinfect your WordPress site?
Deleting WordPress redirects is usually a simple process.
1- Change your passwords and check the registered users
If a hacker manages to access your administration section, you will need to change the passwords of all WordPress users. You will also need to make sure that no additional users have been added by the hacker. For added security, you must also generate new WordPress salt keys and passwords for FTP accounts, databases, and hosting accounts.
2-Remove all unexpected plugins and themes from the site
The presence of unexpected themes or plugins may indicate that your site has been compromised. Delete all of these files.
3- Scan your website with an appropriate tool
There are many tools that can analyze your website to identify malware and infected files.
4- Use a WordPress plugin to analyze your files
There are a variety of plug-ins that will scan your WordPress system files to make sure they are correct. These scanners will identify any malicious code added to files such as index.php , db.php , header.php and footer.php . The Security and Monitoring plugin which can analyze and identify if WordPress core files are modified or infected.
5- Manually inspect vulnerable files
6- Reinstall your WordPress files, plugins and themes
If the problem persists, restore an older backup of your website. If you don’t have a backup of your website, do a complete reinstallation of all WordPress files, plug-ins and themes.
To prevent this kind of attack from happening again:
It is important to take steps to prevent this infection from recurring. The following steps will greatly reduce the risk of another attack.
Change your passwords
Make your passwords more complex so that hackers are less likely to successfully use a brute force attack on your website. Your passwords should also be changed regularly. Install
Install WordPress security software
You can install security software such as All In One WP Security & Firewall
Install a WordPress file integrity check plugin
Never install plugins or themes from untrusted sources
As much as possible, get your plugins from the official WordPress site. Don’t install plugins or themes unless you really need the features they offer. If you’re not using a plugin or theme, remove it from your website.
Keep all themes and plugins updated
WordPress themes and plugins sometimes contain vulnerabilities that can be exploited by hackers. update to minimize the risk of vulnerability.
Make sure your WordPress installation is regularly backed up
It is essential to back up your website regularly so that you can recover quickly from these types of attacks.
You are now able to disinfect your WordPress site which redirects to other websites. Don’t hesitate to share your comments and questions!
About the author
DMTwebhosting.com‘s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!
You could also link to the news and articles sections: