This section describes a type of malware that is spreading to a large number of files on a very large number of sites these days, in which clicking on various elements of a site sends the user to a different malicious site.
Redirect hack that redirects you to a malicious site without your permission in rare cases when you click on a link on the site.
This malware modifies and embeds malicious JAVASCRIPT code in many of the core WordPress files.
*Examples of core WordPress files that are tampered with
wp-activate.php
wp-mail.php
xmlrpc.php
wp-comments-post.php
wp-signup.php
wp-load.php
index.php
wp-blog-header.php
etc., write the following JAVASCRIPT code in the files as you see fit.
This malware is characterized by placing a malicious event over every clickable element on the site, and sending the user to another malicious site by opening a new window for each link click.
It also records the time in the user’s COOKIE, and once the user is redirected, the redirection is not triggered for a certain period of time, delaying detection.
The incorrect redirects are often to URLs such as the following
bit.ly/random string ois.is/images
How to deal with malware that redirect hacks
Since this malware infects legitimate WordPress files, it is possible to remove the malware by downloading and replacing the legitimate WordPress core files with each WordPress core file.
You can also use the [Free] WordPress:Malware Scan & Security Plug-in to detect and remove the malware.
Dealing with Vulnerabilities
If the core files of WordPress have been tampered with, the following vulnerabilities may exist in the site. We believe that it may be necessary to address these vulnerabilities as well.
The administrator rights of WordPress have been hijacked.
A vulnerability caused by a plugin has been exploited and a program has been installed somewhere to tamper with the site.
Other sites on the server are infected, and the site is being tampered with via a folder on that site.
Reference page on how to deal with this problem
5 free WordPress security measures
Easy WordPress Security Improvement Checklist