Hi @jedco03,
Unlike the other topics you had about a problem with your other sites, I have experienced a 404 issue when accessing the link you’ve provided above. It looks like the site was trying to redirect to bouncy.php with a large string that may represent obfuscated code or another identifier of some kind.
I wasn’t able to find direct discussion internally about this file, but I have seen it mentioned on Google where other users have experienced this precise redirection from other domains. Sadly, many of the links are referencing the file itself from other sites that are affected rather than providing a practical solution. It looks like this is trying to use clicks from your visitors to redirect them to another location to increase traffic to another website. The likelihood now though is that the script attempting to do this is present on your site as I was able to replicate the problem this time.
As before, I would point you in the direction of changing WordPress passwords, but also ones for your database, host, etc. that could be accessed when Wordfence isn’t loading. As an endpoint firewall, our plugin will run after PHP loads but before site content is served in a browser rather than when other access points outside of your domain are used.
I will once again link to our documentation around site cleaning but I’m aware you’ll have probably seen this in your other topics too:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
https://wordfence.com/learn/
You are absolutely welcome if you find bouncy.php, other files, or suspicious redirect code that’s been inserted into your homepage to our Threat Intelligence team to samples @ wordfence . com. You may need to use FTP or your host’s file manager to find files that shouldn’t be in your WordPress installation. They will likely know more, or be able to investigate the specifics to suggest a suitable course of action.
Many thanks,
Peter.
