Solutions for WordPress Redirecting to Malicious Websites After Being Infected with Trojan Viruses

WordPress is the preferred choice for many foreign trade independent websites. 35% of websites globally use WordPress, thanks to its mature ecosystem and abundance of plugins and themes. Precisely because of this, WordPress security is also crucial. Today, a foreign trade website was inaccessible; opening the site would redirect to other spam websites. Clearly, it was infected with a virus and maliciously redirected. Naibabiji records the process here.How to Remove This Malicious Redirect WordPress Virus/Trojan Script。

Virus Status

This malicious redirect virus itself does not cause direct damage to website data. It merely inserts malicious scripts that prevent your website from opening, hijacks your website's traffic to redirect to other sites, and then deceives users into allowing browser notifications to profit by displaying ads in the browser. (If you are affected, refer toHow to Close Chrome Pop-up Ads in the Bottom Right Corner of Windows 10）

Virus Principles

The principle of this virus is that it tampers with some of the website's file data (some Trojans also insert into the database) through certain vulnerabilities, inserting malicious scripts. When a user visits the website, the script runs, automatically hijacking traffic and redirecting to malicious websites. The Trojan script Naiba encountered today inserted the following script into the website:

Malicious scripts were inserted into some files on the website, such as the following files (not limited to these):

• index.php
• wp-config.php
• wp-settings.php
• wp-load.php
• .htaccess

Theme files (wp-content/themes/{themeName}/)

• • footer.php
  • header.php
  • functions.php

Some plugin files may also be contaminated.

Removal Methods

The Trojan Naiba encountered today not only modified website file data but also contaminated the database. Therefore, we need to remove the virus from both files and the database to restore the website to normal.

Method 1: Restore Using Website Backup Data

If you have a backup habit, you can directly restore the previously backed-up website database and files. This is the fastest solution. Related article:

• Tutorial on Using BackWPup to Backup Your Website Database and Files
• Prevent Data Loss: 10 Excellent WordPress Backup Plugins Recommended
• Tutorial on Using the All-in-One WP Migration WordPress Backup and Restore Plugin

Method 2: Manually Remove Trojan Scripts

If you don't have a backup, it becomes more troublesome; we need to manually clean the Trojan scripts. 1. Access the website root directory via file manager (cPanel, Baota Panel, FTP, etc.), then open index.php. You can see the malicious script inserted at the very beginning of the file, as shown in the image below:Checking the theme files, you will find the following code inserted:2. Delete all infected files on the website. Of course, checking these files one by one and then deleting them is a huge task. Therefore, you can keep only your upload folder, delete all other folders, go toDownload the latest WordPress installation packageUpload and overwrite. 3. Upload safe website files to the server. 4. Enter the database backend to clean the contaminated database content.The image above shows malicious script data found in the database, which we need to manually remove. 5. Install Wordfence to scan the website files for any remaining threats. At this point, the malicious script files on the website should be cleaned up, and the website should be accessible normally.

Security Protection

After cleaning up the virus, to prevent being hacked again, we need to ensure WordPress security. Naiba summarizes the following experience for everyone:

1. The administrator account must have a secure password; it's best to use the high-strength password automatically generated by WordPress.
2. Keep WordPress and Plugin versions updated. Many foreign trade websites never update, inevitably encountering vulnerable versions.
3. Do not install Themes and Plugins from unknown sources; avoid cracked versions unless security is assured.
4. Server security must also be considered: keep server software versions updated and use secure passwords.
5. You can install a security Plugin, but experience tells Naiba that against powerful viruses, security Plugins are equally ineffective.

So overall, the safest methods are ensuring password security, avoiding random installation of Plugins and Themes, and keeping versions up to date. Finally, if your website malware is not yet cleared, you can contact Naiba for paid assistance.