My Site (Dantravels.org) was attacked by Malware too! HELP!

Hello,

Your website doesn’t seem to redirect to anything else right now for me.

Did you try in private navigation? If it doesn’t redirect, then try to clear the cache of your browser, the redirection is likely stored in your browser as it is usually a 301 (permanent) redirection that is used in this type of cases.

For further assistance, you can contact me personally using : https://terageek.org/contact/

Best regards

Hi Robin,

It won’t redirect if you visit my website “directly”. I am talking about “organic” visitors to my site. Try googling “Dantravels” and click the Dantravels.org result.

Let me know if it redirects.

PS: I already tried incognito mode several times but still, I see my site being redirected.

Regards,
Daniel

Oh yes, I see.

Well in this case, if you have a pre-hack backup, I would start by restoring it.

Else, I would:
1) Remove any PHP file and restore original updated PHP files (especially core scripts, but plugins and themes as well, code can be injected into it), making sure to save wp-config.php’s content, and potentially recreating it with the WordPress assistant
2) Check for strange PHP files, that shouldn’t be in there (like in “uploads” dir) and check content for any .htaccess
3) Clear any cache in the website (or disable cache plugins to try out)
4) Manually check through the database for any junk in it
5) Use WordFence scan in the most sensitive mode to double check
6) Make sure the host is secure (latest PHP version, and hopefully security improvements for WordPress like Plesk hosting does at HaiSoft for example).
7) Remove any obsolete theme or plugin
8) Make an intrusion scan using WPScan hack tool and remove any other non secure script that might be detected.

That way you’re 99.99% sure that no hack remains and that your website is secure.
Do not hesitate to reach me in private if you need professional services to do that.

Best regards

Well, is there anyone from WP File Manager support who can help me? I was hoping the support team can help me as I have done nothing wrong.

I don’t think I can afford any professional services for now. =(

Well, then you can do what’s advised and applies basically to any hacked WordPress website, regardless of what caused it. That’s a good thing to have this knowledge in your bag. ??

Plugin devs won’t fix your website, they maybe will fix their plugin, but that’s it. Awaiting for that, you shall of course uninstall the plugin as it seems to have a known security issue.

Best regards

Even after you have removed the issue google still takes a little while to rescan your website and update the links it send people to. I just googled Dantravels and clicked on the Dantravels.org link and went to you correct website. If you still see the dodgy stuff then your browser has the old cache still.

You are better to delete this plugin and use the file manager via your web hosting cpanel or equivalent as this will always be a risky plugin to have active as it give such high level easy access to critical files.

All the best.

Hi @dantravelsph, we have sent you a reply to the original ticket above, we do not have a second ticket. We have reached out to you via ticket #4649 to set up a meeting to dive deeper into your issue.

Looking forward to solving this with you!