Why is my WordPress site redirecting – Is it hacked?

If your WordPress site is redirecting to another web URL which looks spammy, it might be–in all likeliness–a WordPress Malware Redirect security hack that requires immediate attention. The issue is more severe when Google or other search engines blacklist your site. A less severe reason for a website to get automatically redirected is a faulty plugin, or erroneous custom code on your website. It may also happen that your website administrator switched to a different domain or server, or that they re-structured the categories and pages; so the redirect isn’t really a fault.

Whatever might be the symptoms and their underlying problems, we’ve got the solutions for you.

My entire website is redirecting to a suspicious URL

This is definitely a case of WordPress Malware Redirect security hack, as you or any users on your website have not deliberately written any redirects in the source code. When users attempt to get on your website, malicious code in one of the site’s pages will redirect them and force install some malicious code on their computer. This can go undetected if the end user’s computer does not have an anti-malware scanner. If detected, it can prevent genuine users from accessing your site. They may even block your site forever. Either way, a malware attack can prove detrimental to your online business.

Malware Redirect Hack can be confirmed by running one of the following anti-malware tools or plugins on your website:

You may also try looking for encrypted content in the following pages/programs on your website:

  • Header config file (like header.php in the themes folder)
  • Footer config file (like footer.php in the themes folder)
  • Functions file (like functions.php in the themes folder)
  • Index file (like index.html or index.php)
  • Server configuration files (like .htaccess, wp-config.php)
  • Other theme files, posts and pages

We found this brilliant article on the web that provides a step-by-step solution to clean up websites infected with malware security hacks. Ensure to keep your anti-malware detection plugins up-to-date and your website and webpages regularly scanned.

My site’s plugins, themes, or servers are affected

If one of your WordPress theme/plugins is not functioning correctly, it may cause one or more webpages to redirect to a temporary webpage, or an incorrect webpage on your own site. On the other hand, plugins like Pretty Links are designed to disguise an affiliate URL for a reader, so that the link looks friendly and not suspicious when hovered. This is not really a fault, but rather the very functionality of the plugin. However, if the redirect is not configured correctly, or for some reason, the redirects are not in sync with the plugin server, the resulting links might cause faulty redirects. In this case, you just need to update/sync the plugin on your WordPress site, or get in touch with the makers of the plugin. If this too doesn’t work, disable or uninstall the plugin, re-install and enable it again. You may also want to ditch the faulty plugin altogether, and find a better performing plugin for your WordPress site.

A website redirect might also happen in case of faulty themes or servers. If your server or domain is hacked, it is likely that your website will face a downtime. In this case, contact your web hosting service provider and confirm the security hack or outage. Provide any details and screenshots for them to ascertain the issue, and in turn, inform your customers of the unplanned outage.

Remember to:

  • avoid using plugins that are not currently maintained by the creators
  • keep your plugins, themes, categories and pages clean and updated
  • back-up your website every couple of days, and use a restore point to restore the website in case of a hack
  • remove any unauthorized users on the site
  • change passwords to the server, FTP, database, etc. periodically

Only some pages or pages with comments are redirecting

Perhaps you have a faulty custom code on some of the site’s posts or pages, or a suspicious pop-up appears when you click on some of the links. In some cases, malicious content can be seen on link hover as well. Most of the security breach occurs via back-links and ping-back posts. Hackers or spammers often send comments to your articles for you to publish on your website. You can easily spot comments with suspicious links. However, if you accidentally accept these comments, the corresponding webpages might behave differently.

As a website owner or administrator, you could run a complete scan on all your webpages, and identify infected pages. You could then, either, manually remove the suspicious code or run anti-malware plugins (as suggested in step 1). Delete all malicious back-links and ping-backs. Make sure you identify the authenticity of the sender – you could look for genuine IPs and email ids.

All websites (my own and others) seem to be redirecting

Well, you wouldn’t need us to tell you that your computer seems to be infected. You need to drop everything else and run a security scan on your computer. Make sure your security software is up-to-date. You also want to analyse if the problem persists on a specific browser type. For example, a website is redirecting on Internet Explorer, but works properly on Google Chrome. There could be two reasons for this:

  • The website is not supported on a specific browser. Therefore, it may redirect or display partial content. In this case, switch to a supported browser.
  • A browser plugin, Active X, cookies, or pop-up is causing the browser to function abnormally. In this case, one may disable or remove the plugin, or enable pop-up blocker. Also clean up the browser history, stored passwords, cookies, etc. in order to prevent the browser to read sensitive content on some websites.

Your system administrator has manually configured redirects

It is pretty embarrassing to go to great lengths to find out the root cause of website redirects to end up discovering that it was your system administrator who configured the redirects in the first place! Our sincere advice is that always check with a senior co-worker or administrator if they made any specific changes. Administrators also maintain directory structures on FTP and the WordPress site, so you might see images being redirected to another URL. Administrators also sometimes redirect the server to a temporary location when maintenance activities are being carried out on the main site, so these redirects aren’t “issues” after all.

Final words from WordPress

WordPress admits that their sites are not always top-notch secure, and hackers can still find their way through loop holes on the site. Head over to the following article for FAQs about resolving site hacking issues.

To cut a long story short, a WordPress site may be redirecting due to a deliberate redirect URL in code, or due to WordPress Malware Redirect security breach. It is important to look at the symptoms and severity, and perform corresponding corrective action.