My WordPress website got malware and redirects to spam websites. What can i do?

Your site is hacked with SQL injections so I don’t think that plugin caused it but Securi sees the hack.

https://sitecheck.sucuri.net/results/ssm.com.cy

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

Well i have seen that too. I was getting a message that core files have been modified. I have reinstalled WordPress, install Wordfence and now it seems the problem does not occur. Securi result you linked is hold in the cache.

BTW: I see 404s as a good indication of needed ‘housekeeping’.

Instead of just blanket redirecting to the home page or a custom page you might want to view the 404s as indicators of content you should not have deleted or need to explore as future article ideas.

I’m also concerned that a missing image(s) might trigger some kind of an endless loop where visitors get stuck in a miasma of 404s causing redirects that then cause more 404s and even more redirects.

You might find a plugin such as this one a better alternative once you’ve dealt with your security issues…

https://www.ads-software.com/plugins/redirection/

You might find this site helpful also when dealing with redirections.

https://www.rapidtables.com/web/tools/redirect-generator.html

Now Sucuri just sees the 409s caused by Contact Form 7. I’m not sure if that’s even an issue but you might want to follow up on that or test the form itself.

As to WordFence…

I run a pairing of WordFence and iThemesSecurity together on most of my sites. Those two behave well together and compliment each other. I also toss in the Sucuri scanner plugin and the WordFence assistant though I don’t enable those two unless I want to run them. Wordfence Assistant can be enabled through WP-CLI if needed and can help you get back in as admin if you get locked out. It happens.

Sucuri is kind of good for double checking things once in a while.

I also like to ‘hide’ my sites behind CloudFlare. Their DNS is excellent, offers some DDOS protection, and keeps your origin server out of public view.

• This reply was modified 5 years, 9 months ago by JNashHawkins.

Thank you, can export for me the settings you use for ithemes plugin?

Settings for iThemesSecurity are mostly just default and whatever iThemes suggests. I doubt my settings would help you and imagine each site is different anyway.

The truth is I’m very lazy… default settings are my norm.

And you just cleaned up one hack… imagine what someone like me might stuff into an export file… Not a good idea.

Hello, my new WordPress site redirects to a htdabsstoretext medical portal when accessed via google search. Pls advise. Thanks