DMT Web Hosting is too concerned about the health and safety of both clients and employees. Our office is closed due to COVID-19 countrywide lock down. You can reach us on +92 300 044 4656, +92 321 112 6660 during the lock down period. We appreciate your understanding and patience.

How to diagnose an infected WordPress

How to delete redirects in an infected WordPress?

About 30% of Internet websites use WordPress, making it the most popular CMS in the world. Unfortunately, the incredible popularity of WordPress has one major drawback: it makes the platform very attractive to hackers. A common attack vector used against WordPress websites involves file compromise so that the website automatically redirects users to another location. in this tutorial you will learn how to remove this redirect.

How does redirecting an infected WordPress work?

There are many types of malicious redirect techniques used on WordPress websites. The most common include:

     1-Edit the .htaccess website

Each WordPress website has an .htaccess file located in the folder where WordPress was installed. WordPress uses this file to change the way the web server processes files. It is also used to create the pretty permalinks used by WordPress. Hackers accessing your server can modify this file to add malicious redirect. The redirect would send all visitors to another website. Hackers could also add additional .htaccess files containing malicious redirect to other locations, such as / wp-content or / wp-includes.

  1. Editing WordPress PHP files

WordPress often contains malicious redirects in PHP files, including index.php , header.php , footer.php and functions.php . Hackers target these files because they are often executed by WordPress. Hackers could also modify the header.php file of your WordPress installation using a coded string and the eval () function of PHP.

  1. Install a plugin or theme that modifies other files

Another common way for a malicious redirect to infect a site is to ask the website owner to unintentionally install an infected plugin or theme. The solution to this type of attack was to remove the plug-in and restore the old .htaccess from your website.

  1. Infecting JavaScript files with malicious code

Another malicious redirect attack was identified in 2017. This attack injects malicious JavaScript code into every .js file available on your website. Malicious code can be recognized by the long hexadecimal strings it places in files. These sections of code look something like:

How to disinfect your WordPress site?

Deleting WordPress redirects is usually a simple process.

1- Change your passwords and check the registered users

If a hacker manages to access your administration section, you will need to change the passwords of all WordPress users. You will also need to make sure that no additional users have been added by the hacker. For added security, you must also generate new WordPress salt keys and passwords for FTP accounts, databases, and hosting accounts.

2-Remove all unexpected plugins and themes from the site

The presence of unexpected themes or plugins may indicate that your site has been compromised. Delete all of these files.

3- Scan your website with an appropriate tool

There are many tools that can analyze your website to identify malware and infected files.

4- Use a WordPress plugin to analyze your files

There are a variety of plug-ins that will scan your WordPress system files to make sure they are correct. These scanners will identify any malicious code added to files such as index.php , db.php , header.php and footer.php . The Security and Monitoring plugin which can analyze and identify if WordPress core files are modified or infected.

5- Manually inspect vulnerable files

If the problem persists, you can manually inspect files that often contain this type of attack. This includes your .htaccess files, your index.php and db.php files. This attack also appears in your theme’s header.php and footer.php files. Look for long coded strings and javascript calls to remote websites.

6- Reinstall your WordPress files, plugins and themes

If the problem persists, restore an older backup of your website. If you don’t have a backup of your website, do a complete reinstallation of all WordPress files, plug-ins and themes.

To prevent this kind of attack from happening again:

It is important to take steps to prevent this infection from recurring. The following steps will greatly reduce the risk of another attack.

Change your passwords

Make your passwords more complex so that hackers are less likely to successfully use a brute force attack on your website. Your passwords should also be changed regularly. Install

Install WordPress security software

You can install security software such as All In One WP Security & Firewall

Install a WordPress file integrity check plugin

You can also install a Plugin which verifies the integrity of your files by comparing them with the files of the official WordPress repository. This plugin can discover malicious code in your theme’s Javascript files, header.php , index.php and footer.php .

Never install plugins or themes from untrusted sources

As much as possible, get your plugins from the official WordPress site. Don’t install plugins or themes unless you really need the features they offer. If you’re not using a plugin or theme, remove it from your website.

Keep all themes and plugins updated

WordPress themes and plugins sometimes contain vulnerabilities that can be exploited by hackers. update to minimize the risk of vulnerability.

Make sure your WordPress installation is regularly backed up

It is essential to back up your website regularly so that you can recover quickly from these types of attacks.

Conclusion

You are now able to disinfect your WordPress site which redirects to other websites. Don’t hesitate to share your comments and questions!

About the author

DMTwebhosting.com‘s Editorial Team prides itself on bringing you the latest web hosting news and the best web hosting articles!

You could also link to the news and articles sections:

http://www.DMTwebhosting.com/blog

Share
Share
Share
Share

Fill out the form to send Email

DMT Web Hosting is too concerned about the health and safety of both clients and employees. Our office is closed due to countrywide lock down. You can reach us on +92 300 044 4656, +92 321 112 6660 during the lock down period. We appreciate your understanding and patience.