Here is what to do if a user complains that a WordPress site sends them to another site.
Why does it go to another site by itself when I access the site?
The reason for this is that the site data has been tampered with and code has been embedded somewhere on the site to misdirect the user.
This type of tampering is called a redirect hack.
Hackers take advantage of a vulnerability or other vulnerability to infiltrate a site, and then alter and embed malicious scripts that redirect users to malicious virus distribution sites, sweepstakes sites, or other sites where they want to increase their traffic.
In many cases, the scripts are complicated enough to be triggered only when a Google search is performed, or once redirected, they are not triggered for several days afterward, or only when the user is on a smartphone.
Where is the code embedded?
The malicious code from such tampering is often embedded in a program that runs on any page in WordPress.
Typical files will look like the following
wp-config.php
index.php
wp-blog-header.php
Theme index.php
Theme header.php
Theme footer.php
However, it is extremely difficult to find these tampered files by inspecting them one by one, as they are nowadays often embedded in a very wide variety of files in the deeper hierarchies of WordPress.
To find tampered files, we recommend the use of a plugin that can comprehensively scan WordPress files for malware.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
How to deal with redirect hacks
If your site has been tampered with, there are basically three ways to deal with the situation.
1 Remove all tampering
2 Close the vulnerabilities that allowed hackers to tamper with the site.
3 Do 1 and 2 above for all sites on the server
The reason why 3 is necessary is that many of today’s malicious tampering files (malware) are of the type that scan the folder structure on the server and spread their tampering beyond the domain folders.
