A website malicious redirect is without doubt one of the most popular hack techniques so far this year. Here at OneHourSiteFix, we see this technique used so often with new sites coming to us, that we thought we would write up a blog post to help you understand how hackers could use this method on your website, how it works, and importantly how to fix it.

The root of the problem…

Possibly you have seen or gone through that situation where clicking on some part of your website takes you to an undesirable spot on the internet, such as a pharmaceutical or an adult content site. Apart from these classic redirects, you might also have happened to see the often-confused redirect “SEO spam” in which an attempt by a client to access your website through a search engine, resulted in the client unwittingly visiting a shady website or downloading malware onto their computer.

Apart from these scenarios, there are other types of redirects worth observing such as redirects that only target certain visitors based on their location – Yes that’s right, hackers can also tailor the activation of malware on your site by the geographical location of the visitor.

Malicious code in a theme

When scanning a customer’s website, we found the following code in the theme  “functions.php” which was triggering a redirect to harmful websites – in this case, the theme was very likely a pirated one and thus for this any many other reasons it is not recommended at all to use these types of themes/plugins.

Redirect in theme

Redirects caused by SQL injections in database tables

A common technique used by hackers to help them avoid file-based virus scanners is for them to place their redirection hacks directly into the site’s database. The hack is turned into a string format to its respective character codes. The converted code looks something like code to the right…

And these are just a couple of examples that you might get to see, of course, there are a dozen more techniques that can be used to add redirects to a site that you might see such as Malicious code in the index.php file, redirect rules in a .htaccess file, unidentified files on the server with gibberish names or suspicious bit.ly links.

Hacked code

Removing Redirect Malware

Often this type of hack goes unnoticed and you surely wonder… Why me? Is my website indeed hacked?

You won’t believe but the answer is easy: Your site had known vulnerabilities that dedicated hacker bots where searching the internet for with the key goal of easily infecting them in a matter of seconds per site.

One thing is for sure. ONCE your site has been breached, hackers will take advantage and lead your clients where they want. This with the PURE intention of stealing your site’s traffic, damaging your reputation and website SEO ranking, or worse just for FUN. 

Scratching your head thinking about what to do?...

Malicious redirects can have a brute negative impact on your business, We must warn you that doing nothing can only get worse as a malicious website can get blacklisted in a blink of an eye + may cause your hosting company to suspend your account without any notice.

Beware that infections on a site are usually hard to get rid of (and purposively made so by the hackers), plus you have to make sure you get rid of every part of an infection else it will tend to quite quickly fully re-establish itself. If you need any advice on how to clean an infected site – We would recommend checking further articles on our blog for tips on how to identify and clean hacks from an infected site.

The simple fact is that the chances of an unprotected site being hacked are high, but here we can help you stop the sharks (which is how we call them). You leave us the security part of your website and you can focus fully on your business 😉

Regardless of the type of redirect, you have found on your website, the most important thing is to take immediate action.

Over the past years, our security experts and everyone in our team have been committed to working hard 24/7 analyzing and processing infected sites – Particularly after covid-10 There has been a very large surge of hacked sites. We believe in this modern world dominated by technology, every website deserves to have top-notch security. This is today no longer a whim, but rather a necessity.

We are here at your service to clean your website!

We Can Help Save Your Business

Author: Carlos Soto



WordPress website defaced ? If we don’t fix a defaced website in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!