How to Stop WordPress Redirecting to Spam Websites (Quick Fix)

Imagine this: You’re trying to cheque your WordPress website when, suddenly, you’re taken distant to a suspicious gambling tract aliases a sketchy pharmaceutical page.

Your bosom sinks arsenic you recognize your site’s been hacked. 😱

We cognize precisely really terrifying and frustrating this business tin be. But first, return a heavy breath.

Your website tin beryllium saved, and we’re present to guideline you done each measurement of nan betterment process. Whether your visitors are seeing spam redirects aliases you’re getting that dreaded “This tract whitethorn beryllium hacked” informing from Google, we’ve sewage you covered.

In this article, we’ll show you 2 proven ways to extremity WordPress redirecting to spam websites.

Why Is My WordPress Site Redirecting to Spam?

Spam redirects hap erstwhile hackers inject malicious codification into your WordPress site. This codification past sends visitors to unwanted websites filled pinch ads, phishing scams, aliases malware.

Hackers tin usage different methods to summation entree to your site, including:

• Infected Plugins & Themes: Plugins and themes downloaded from unauthorized sources (nulled WordPress themes and plugins) are a communal origin of malware and spam redirects.
• Weak Passwords: Attackers tin conjecture aliases bargain anemic admin passwords to return power of your tract and insert malicious codification that redirects users to spam sites.
• Unpatched Security Holes: If your WordPress core, plugins, aliases themes are outdated, past hackers tin utilization known vulnerabilities to adhd malicious code.
• Hidden Backdoors: Even aft removing visible malware, hackers sometimes time off hidden entree points to reinfect your tract later. These are called backdoors.

Many website owners don’t recognize their site has been hacked until visitors commencement complaining aliases hunt engines rumor a warning. The sooner you act, nan little harm it will cause.

We will screen 2 methods successful this article, and consciousness free to usage nan jump links beneath to spell to nan method you want to use:

Let’s statesman pinch our recommended solution because it is easier for beginners, non-tech users, and mini business owners.

Method 1: Use A Hacked Site Repair Service (Recommended 🎯)

When your site’s been compromised, clip is of nan essence. Every infinitesimal your website redirects to spam websites could mean mislaid visitors, damaged reputation, and imaginable Google penalties.

That’s why galore tract owners take a master repair work – it’s nan fastest, safest measurement to get backmost online.

The Expert Solution:

For astir WordPress users, nan easiest measurement to cleanable spam redirects is by utilizing our master Hacked Site Repair Service.

For a one-time (non-recurring) fee, our squad of WordPress information experts will cleanable your website and region nan malicious codification redirecting to spam sites.

Our Hacked Site Repair Service offers respective cardinal benefits:

• Expert technicians who person handled thousands of hacked sites
• Emergency consequence & timely fixes
• Complete malware removal and information hardening
• Post-cleanup backup of your website
• No consequence of accidentally damaging your site

The champion portion is that you get a 30-day guarantee and a afloat refund if we are incapable to hole your WordPress website.

👉 Ready for master help? Just sojourn our Hacked Site Repair Service page to get started.

Method 2: Fix WordPress Spam Site Redirects Manually (DIY Users)

If you’re comfortable pinch WordPress and for illustration to grip things yourself, past we’ve created a broad step-by-step guide.

We’ll locomotion you done each portion of nan cleanup process, explaining what to do and why it matters.

⚠️ Caution: While DIY fixes are possible, they tin beryllium risky if you’re not acquainted pinch WordPress security. One incorrect move could make nan problem worse aliases lead to information loss.

ℹ️ Important: Create a Backup Restore Point

Before starting immoderate repairs, make judge you person a caller backup of your site. If thing goes wrong, past you’ll want a restoration point.

We urge utilizing Duplicator, which easy backs up and restores your website. We usage it crossed our business, and it has been a game-changer for our unafraid backup needs. For much details, cheque retired our complete Duplicator review.

Note: A free type of Duplicator is besides available. You tin springiness it a try, but we urge upgrading to a paid plan, which offers much features.

Now that you person prepared your website for repairs, let’s commencement fixing spam redirects.

Step 1: Scan Your Website for Malware

Think of malware scanning for illustration utilizing a metallic detector astatine nan formation – it helps you find hidden threats buried successful your site’s files.

Our acquisition shows that spam redirects often hide successful unexpected places, making a thorough scan essential.

Luckily, location are fantabulous WordPress information plugins disposable that you tin usage to scan your website.

Here’s really to tally an effective malware scan.

First, you request to instal a trusted information plugin (like Sucuri Security aliases Wordfence). For nan liking of this article, we will show you really to tally a scan successful Wordfence, but nan instructions activity nan aforesaid sloppy of which information plugin you are using.

First, you will request to instal nan information plugin of your choice. For details, spot our guideline connected how to instal a WordPress plugin.

Next, nether nan plugin menu, navigate to nan Scan conception and run a broad tract scan. It tin return immoderate clip to complete nan scan depending connected really overmuch information and files you person stored.

Once that’s finished, you will spot nan scan results.

Review nan results cautiously and look for severe, critical, and different issues. You tin click connected an rumor to position its details.

Here, astir information plugins will besides supply you pinch instructions connected really to reside that issue.

WordPress information scanners are rather bully astatine catching immoderate of nan astir notorious malware and redirect hacks. Hopefully, they will beryllium capable to find nan codification responsible for spam redirects.

💡 Pro tip: Don’t trust connected conscionable 1 scanner. Different information devices tin drawback different types of malware. We urge utilizing astatine slightest 2 different scanning solutions.

Step 2: Check for Suspicious Admin Users

Hackers often create hidden administrator accounts to support entree to your site. These accounts mightiness person innocent-looking usernames aliases beryllium disguised arsenic strategy accounts.

We’ve seen cases wherever hackers created a azygous cleverly disguised admin personification account. We person besides seen cases wherever nan malware created dozens of admin accounts.

Just travel these steps to place and region suspicious users.

Go to nan Users » All Users page successful your WordPress admin dashboard.

Here, you request to look for accounts you don’t recognize. These could beryllium accounts pinch random numbers aliases unusual usernames aliases accounts pretending to beryllium strategy accounts.

Next, it’s clip to remove immoderate suspicious accounts instantly by clicking ‘Delete’ nether that account.

⚠️ Warning: Some hackers sanction their accounts aft communal WordPress roles for illustration “admin_support” aliases “wp_maintenance”. Be other vigilant pinch system-looking usernames.

Once you person reviewed and deleted suspicious personification accounts, you tin move connected to nan adjacent step.

Step 3: Replace Hacked WordPress Files

Just for illustration replacing a virus-infected difficult thrust pinch a cleanable one, we request to reconstruct cleanable versions of halfway WordPress files.

Don’t interest – this won’t impact immoderate of your website content, images, themes, aliases plugins.

Here’s our tested process for safe record replacement.

First, you request to download a caller transcript of WordPress from WordPress.org and unzip nan record connected your computer.

Next, link to your tract utilizing an FTP client aliases File Manager app successful cPanel and navigate to nan WordPress guidelines folder.

This is nan files wherever you will beryllium capable to spot nan wp-admin, wp-includes, and wp-content folders.

Now, spell up and delete nan existing wp-admin and wp-includes folders.

Once they are deleted, you request to upload nan cleanable versions from your computer.

After replacing nan main folders, you request to switch each halfway files successful nan guidelines directory. This includes files for illustration wp-activate.php, wp-blog-header.php, wp-comments-post.php, wp-config-sample.php, and more.

When prompted, prime ‘Overwrite’ to switch aged files pinch nan caller version.

Next, you request to download nan wp-config.php record to your machine arsenic a backup and delete nan .htaccess record from your guidelines folder. Don’t interest because WordPress will automatically regenerate nan .htaccess record for you.

Now, you person to rename nan wp-config-sample.php record to wp-config.php and past right-click to ‘Edit’ it. The record will unfastened successful a text editor for illustration Notepad aliases TextEdit.

Carefully capable successful nan values for nan database connection. You tin spot nan aged wp-config.php file that you downloaded successful nan earlier measurement to find retired your WordPress database, array prefix, username, password, and hostname.

For much details, spot our guideline connected editing nan wp-config.php file.

Once you person vanished replacing nan aged halfway files pinch caller copies, don’t hide to sojourn your website and admin dashboard to make judge everything is moving arsenic expected.

After that, you tin move connected to nan adjacent step.

Step 4: Remove Malicious Code from Theme & Plugin Files

One of nan communal sources of malware is nulled plugins and themes. These are pirated copies of premium WordPress plugins and themes downloaded from unauthorized sources.

Hackers emotion hiding malicious codification successful taxable and plugin files. They often inject their spam links and redirects into morganatic files, making them harder to spot. But don’t interest – we’ll show you precisely what to look for.

⚠️Warning: Most WordPress taxable and plugin settings are stored successful nan database and will stay location moreover if you delete those files. However, sometimes, you whitethorn suffer settings aliases civilization changes you made to those files. In that case, you will request to manually reconstruct those changes.

Just travel this process to cleanable your plugin and taxable files.

First, you request to download caller copies of each your themes and plugins from trustworthy sources. For free themes and plugins, nan trusted root is nan WordPress.org website itself. For premium themes and plugins, you will want to download them from charismatic websites.

Once you person downloaded each nan plugins and taxable files, link to your website using an FTP client and navigate to nan wp-content folder.

Now, you request to delete nan themes and plugins folders from your website. Once they are deleted, create caller directories and sanction them ‘themes’ and ‘plugins’. You will now person quiet themes and plugins folders connected your website.

You tin now commencement uploading nan taxable and plugin files you downloaded earlier. You will request to unzip each downloaded record earlier you tin upload them to your website.

Once you person uploaded each nan files, spell to your WordPress admin area successful nan browser and activate nan taxable and plugins you were utilizing before. If you spot an error, past you whitethorn request to effort uploading that peculiar taxable aliases plugin record again.

Replacing taxable and plugin files pinch newer versions downloaded from authentic sources will cleanable them.

Hopefully, by now, your website will beryllium cleanable of immoderate spam redirects. However, to guarantee your website remains secure, you will request to tighten its security.

Step 6: Securing WordPress After Cleaning Up Spam Redirects

Security is not a one-time thing. Instead, it is an ongoing process.

Now that you person cleaned and fixed nan spam redirects, nan adjacent measurement is to guarantee your website remains cleanable going forward.

To do that, you request to execute immoderate further information hardening connected your website.

1. Change All Website Passwords

Passwords play an important domiciled successful WordPress security. If you judge your website was hacked, past you request to instantly change each your passwords related to your website.

This includes nan following:

• All personification accounts connected your WordPress website. See our guideline connected changing passwords for each users successful WordPress.
• Passwords for each FTP accounts connected your website. You tin find FTP accounts successful your WordPress hosting power panel, and you tin negociate their passwords there.
• Passwords for your WordPress database username. You tin find MySQL users successful your hosting relationship power sheet nether nan Database section. You must update nan password for nan database username successful your wp-config.php record arsenic well. Otherwise, your website will commencement showing nan error connecting to nan database error.

💡Pro Tip: Always usage stronger passwords and a password head app for illustration 1Password to shop each your passwords.

2. Install a Security Plugin and a WordPress Firewall

Now that we’ve cleaned up nan hack, it’s clip to fortify your tract against early attacks. Think of this measurement arsenic installing a high-tech information strategy for your WordPress site.

Here’s our recommended information setup:

• Install a WordPress information plugin for illustration Sucuri aliases Wordfence (both person fantabulous free versions).
• Set up a WordPress firewall that runs connected nan cloud. We urge utilizing nan Cloudflare free CDN, which automatically blocks immoderate suspicious activity moreover earlier it reaches your website.

We usage Cloudflare connected WPBeginner. You tin publication astir our acquisition successful our case study connected switching to Cloudflare.

The operation of a WordPress information plugin that runs connected your website and a cloud-based firewall strengthens your WordPress information to a master level. It is tin of blocking nan astir communal malware, DDoS attacks, and brute unit hacking attempts.

Bonus Tips: Prevent Future WordPress Hacks

The champion measurement to woody pinch hacks is to forestall them from happening successful nan first place. After helping countless users retrieve their sites, we’ve developed a coagulated prevention strategy.

You tin publication them each successful our complete WordPress information handbook. It is simply a step-by-step information setup we usage connected each our websites, written specifically for beginners and mini businesses.

Here are our apical information practices:

• Set up automated WordPress backups.
• Keep WordPress core, themes, and plugins updated.
• Set up two-factor authentication successful WordPress.
• Limit login attempts to forestall brute unit attacks.

These tips are speedy and easy to implement. They will protect you from malicious spam URL redirect attacks successful nan future.

Final Words: Securing WordPress From Spam Redirects and Malware

Dealing pinch spam redirects tin beryllium scary, but you’ve now sewage each nan devices and knowledge needed to hole your site.

Whether you take our Hacked Site Repair work (Recommended) or travel nan DIY guide, you’re taking nan correct steps to unafraid your WordPress website.

Remember, information isn’t a one-time hole – it’s an ongoing process. By utilizing nan prevention tips we’ve shared, you’ll beryllium overmuch amended protected against early attacks. 💪

You whitethorn besides wish to publication our article connected how to show if a WordPress information email is existent aliases fake aliases how to unafraid WordPress multisite.

If you liked this article, past please subscribe to our YouTube Channel for WordPress video tutorials. You tin besides find america on Twitter and Facebook.

Disclosure: Our contented is reader-supported. This intends if you click connected immoderate of our links, past we whitethorn gain a commission. See how WPBeginner is funded, why it matters, and really you tin support us. Here's our editorial process.

About nan Editorial Staff

Editorial Staff astatine WPBeginner is simply a squad of WordPress experts led by Syed Balkhi pinch complete 16 years of acquisition successful WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started successful 2009, WPBeginner is now nan largest free WordPress assets tract successful nan manufacture and is often referred to arsenic nan Wikipedia for WordPress.