A malicious redirect is a bit of code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site.
Most site owners are unaware that their site is redirecting visitors. Often, they first learn of the redirection when a customer reaches out to say they have ended up in an undesirable corner of the internet when attempting to visit the site. A site owner could even attempt to replicate the problem, only to see that everything looks fine to them on their computer, while site visitors on mobile platforms experience malicious activity. The redirect might happen on some pages and not others. Or, it might happen before the site even loads.
If Wordfence has identified your site as having one or more malicious redirects, there are some steps you can take to remove the malicious redirect and restore your site to normal functionality.
Before you make changes to your site files or database, we recommend backing up all site files in a safe place, especially if you are unfamiliar with the inner workings of your content management system (CMS).
A malicious redirect can be inserted anywhere on your site: in site files or even in your database.
Here are some of the malicious redirects often detected by our scans and some instructions on how to remove them.
On WordPress sites, we see JavaScript entries placed in theme files. Typically, we find these within the theme’s header, often right above the tag, but they can be elsewhere in the site’s files.
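One way to audit theme templates for such entries, as an added example that is not part of the original article and is not Wordfence's scanner: it flags `<script>` tags that load from hosts outside an allowlist and inline scripts that touch `location` or unpack code. The allowlist, the regex heuristics and the sample header are assumptions constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from (edit per site).
ALLOWED_HOSTS = {"static.shop.example"}
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Inline constructs that navigate the page away or unpack hidden code.
INLINE_RE = re.compile(
    r"(?:window|document|top|self)\.location|location\.(?:href|replace|assign)"
    r"|\beval\s*\(|\batob\s*\(|String\.fromCharCode|document\.write\s*\(", re.I)

def scan_text(text, allowed_hosts=ALLOWED_HOSTS):
    """Return [(line_number, reason)] for each suspicious <script> in text."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        src = SRC_RE.search(m.group(1))
        # Relative URLs have no hostname and are served by the site itself.
        host = urlparse(src.group(1)).hostname if src else None
        if host and host not in allowed_hosts:
            findings.append((line, f"external script host: {host}"))
        inline = INLINE_RE.search(m.group(2))
        if inline:
            findings.append((line, f"inline script uses: {inline.group(0)}"))
    return findings

def scan_theme(theme_dir, allowed_hosts=ALLOWED_HOSTS):
    """Scan every .php template under theme_dir; return {path: findings}."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = scan_text(path.read_text(errors="replace"), allowed_hosts)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample of a theme header.php, not taken from a real site.
SAMPLE_HEADER = """<head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://static.shop.example/app.js"></script>
<script src="//cdn.unknown.example/t.js"></script>
<script>window.location.href = "https://landing.unknown.example/";</script>
</head>
"""

if __name__ == "__main__":
    for line, reason in scan_text(SAMPLE_HEADER):
        print(f"header.php:{line}: {reason}")
```

Findings are leads for manual review: legitimate analytics or advertising tags will also be listed until their hosts are added to the allowlist.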
A script typically found in the header can look like the following: