Redirect hacks that cause a site to jump to another site (often a malicious software download, a fake e-commerce site, or a site that makes you click on a robot authentication) are not only tampering with files, but also getting into the database.
Here are some examples of database malware tampering and how to deal with them.


Example of tampering with redirect hack wp_option (configuration-related database)

Many of these tampering cases take advantage of vulnerabilities in theme or plugin settings storage to write malicious code into the settings, which is then enforced when the site is displayed.
They will plant malicious code in the settings data, for example, in the copyright notation at the bottom of WordPress.
The tampering code will look something like the following

<script type="text/javascript">eval (String.fromCharCode(118,97,114,32,115....

In many cases, the tampering in this case is sanitized (array represented as a string) data, so if you use database display software such as PHPMyADmin to remove the tampering, the array data will be corrupted and the data itself will be invalid, making it difficult to remove.

Free plug-ins to investigate and remove WordPress malware, including database tampering
Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

can also modify (malware extermination) sanitized data while preserving the array structure.

Example of tampering with redirect hack wp_contents (text content of posts)

The tampering code in this case is the same script as above embedded with eval (String.fromCharCode), or an external malicious script may be embedded directly as shown below.

<script type="text/javascript" src="//URL to malware JS"></script>

In this case, a very large amount of database content may be infected, and to get rid of it, it will replace the content strings in bulk.
Search Regex plugin
etc., which will replace the strings of the contents in bulk to eliminate the infection.

This type of tampering can also be caused by theme or plugin vulnerabilities, and in more serious cases, administrator privileges may have been dashed or database login information may have been leaked.
After removing the tampering, it is advisable to change the administrator’s password and the database password as security measures.

*We recommend that you back up the database first when modifying the database configuration contents.

Free plug-ins to investigate and remove WordPress malware, including database tampering
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Related Posts:

  1. Redirect hack that takes you to another site when you click on a link on a WordPress site.
    A redirect hack is a type of tampering in which a hacker alters site data or theme files to force users to go to a page that the hacker wants them to go to instead of the page they originally wanted to see. The following is an explanation of a common example of a redirect hack, in which clicking on...
  2. WordPress Rarely, a redirect hack that sends the site to another site only from Google search results.
    This section describes a redirect hack that forces WordPress to go to a different rogue site only in rare cases (some patterns say only on smartphones) when jumping from search engine results, and explains how to deal with it....
  3. Redirect hack that sends you to a malicious site when you click on a screen or link on a WordPress site.
    This section describes a type of malware that is spreading to a large number of files on a very large number of sites these days, in which clicking on various elements of a site sends the user to a different malicious site....
  4. What to do for your site users when WordPress is hacked, tampered with, or hijacked.
    This page explains how to respond to users (those who use the site) when there is a possibility of damage to users who visit the site, such as being redirected to another site, being sent to a sweepstakes site, or downloading malicious files due to WordPress tampering. This page explains how to respond to users (those who use the site)...
  5. Can the WordPress database be tampered with or infected by malware?
    Most WordPress malware and tampering is done to program files, and only rarely is the database tampered with. However, when a database tampering vulnerability is found in a very popular plugin, database tampering (known as SQL injection) hacking can become an epidemic....
  6. An example of a redirect hack embedded in a WordPress core file
    Recently there has been an increase in the embedding of JAVASCRIPT-type malware starting with trackmyposs in WordPress core files....