How to Detect and Clean WordPress Malware Redirect

May 4, 2018 | Errors and Troubleshooting, Wordpress Security

If your website gets hacked there is a chance that hacker might enter some malicious code to your website that redirects it on another spamming website, this can damage your website and Google will blacklist your website for redirecting a user to the malicious website.
Many websites get hacked daily, you need to secure your website from these malware redirect attacks. These redirects are of different types, they can take the visitor to any spamming or adult website to degrade your website reputation and sometimes hacker enable these redirects only for mobile browsers. Sometimes, these attacks also affect the speed of your webiste.

How to detect WordPress malware redirect

You can detect malicious redirect by visiting your website when you get redirected to the malicious website than the website you opened. To check from where this malicious redirect occurs check the following areas of your website.
  • Hacker can inject malicious code into your WordPress core files.
  • Make themselves a ghost admin on your site.
  • Place the infected code in php, footer.php or functions.php in your WordPress theme folder.
  • Check php and index.html.
  • Also, check .htaccess files

After effects of malware redirect WordPress

There are several after effects of malware redirect.
  • Your website gets
  • The site will take a very long time to load.
  • Shut down your website.
  • Show warnings about your site.
  • Destroy
  • Destroy the trust of the visitors on your website.

Let us Take Care of Your Hacked WordPress Website

How to clean WordPress malware redirect

You may have a question about how to remove malware from my WordPress site. You can follow the following steps to clean up your website.

Scan website for malicious code

You can scan your website by going through your side codes files but if you don’t have time for this you can scan WordPress website for malware online. Before scanning, back up your website because these malicious codes destroy your website if you don’t remove it on time.
You can even use plugins like Wordfence, Sucuri or jetpack to scan your website for malware redirect. With these plugins, you can find the infected code.

Locate the bad code

It is not easy to locate the bad code on every page of your website. Sometimes these malicious codes are hidden in the server. There are locations where hackers mostly attack to find these codes you need to login through FTP. If your website redirects you to the different website you need to look at:
  • WordPress core files.
  • Both index.php and index.html files.
  • .htaccess files.
And if hacker redirects your user to some download page then you need to check your:
  • Theme files.
  • header.php file in theme folder.
  • footer.php file in theme folder.

For Example:

Malicious code that is added to the header file in the theme.
Malicious code that is added to the footer file of the theme.

Pretend you are a bot

To scan your website better you can pretend to be a bot using command line interface. You can use the following code to make a bot using ssh client.
$ curl –location -D – -A “Googlebot”
After entering this command, you need to look for the suspicious code. The infection could be in iframe or script. The command line will help you locate the infection on your website.

Remove malicious code

Once you find the infected part remove the malicious code from it. This code could be a number of irrelevant lines. If the hacker creates an infected page on your website you can remove it. Simply scan URL for malware using remove URLs feature in Google search engine console and delete the bad code.

Resubmit your website

You need to resubmit your WordPress website if it got blacklisted from Google search result for review. Otherwise, Google will not know that you have fixed your website.
You need to login to your webmaster tool ( Google Search Console ) then go to search traffic and click on manual actions. There you will see a request to review option, where you can submit your request.

How to secure your website after removal of website redirect virus

After removing the infected parts from your website you need to secure your website from future attacks.

Update your WordPress website and plugins

You need to update your WordPress core files, plugins, and themes. As updates fix previous bugs and improve the website security. Also, update all the extensions you have installed on your website. The update is really important for your website because technology is changing day by day to keep up with new technology you need an update.

Remove unwanted themes and plugins

Remove all unwanted themes and plugins from your website because these themes and plugins will slow down your website and increase the vulnerability. So, it is a good idea to delete every plugin and theme you are not using. Don’t give any loose end to the hacker to infect your website. Deleting these themes and plugins also optimize the speed of your website.

Secure your password

Change all the passwords on your WordPress website. It is hard to crack the strong password, you can use lowercase and uppercase characters, special characters and numbers to make your password powerful. To ensure the security of your website change the password related to your WordPress website. All passwords mean administrator, FTP account, hosting, and database password, and regenerate WordPress salt keys.

Use plugins for security

You can even use plugins for security. There are many WordPress malware scan plugins for advanced security features. Every plugin has one main goal to secure your website from malware attacks. Many plugins include:


Malware is a harsh term in programming that is meant to harm your website or computer. We have discussed WordPress website hacked redirect and how to handle this problem. Hope you like this article and it helps you fix your problem. If you still can’t fix your website don’t hesitate to contact the experts for malware removal service.

Let us Take Care of Your Hacked WordPress Website