What if my WordPress Blog Got Hacked with the Google Redirect?

by Mark in 28 Comments — Updated Reading Time: 3 minutes


Redwall_hp asks:

BookAdvice.net is a legitimate website, and works fine if you access it directly. However, if you search “bookadvice” on Google or Yahoo, and click the result, you are taken to a bogus site that tries to install a smitfraud-type faux antivirus malware package. The SERP looks perfectly normal, as it should be, but when it’s clicked it doesn’t take you to BookAdvice.net, but to the malware site.

What you described in your question is the (unfortunately) popular hack that places a redirect on a website to divert all or part of its search engine traffic to another website.

This hack is not limited to WordPress blogs, although some months ago a WordPress vulnerability made this a big problem on the platform.

Here is how it works: the hacker gains access to the WordPress control panel or to some specific files (e.g., plugins) on your server. After that he will insert some PHP code in one of the files, create a plugin, or create a fake .jpg image that will function like a plugin.

Once the code or the plugin is in place, whenever someone tries to access your website via a Google search result, he will be directed to another site specified by the hacker (usually a malicious site that will try to install something on the visitor's computer).

If you want to test for this hack, you simply need to search for the name of your site in Google and click on the right result. Then just check whether you end up on your site or on another site. It is a good idea to test this for a couple of posts too, and not just with the homepage.

If you find out that you got the hack, here are some steps that you can take to try to fix it:

1. Upgrade Your WordPress Install

The first step is obviously to upgrade WordPress. Older versions have many security holes that make it easier for people to gain access to specific files inside your site or server.

2. Change your passwords

The second step is to change all your passwords. This includes the WordPress admin password, the hosting account password and the FTP password. If you don’t do it already, remember to change your passwords regularly too.

3. Browse your site files via FTP

Log into the FTP account of your site and browse through all the folders. You will be looking for any file that has a strange name or that looks suspicious. If you have a WordPress blog installed on another site, compare the structure of all the files to make sure they match.

4. Browse your theme files

Log into your WordPress control panel, go to the theme editor, and browse inside all your theme files. Look for lines of code that are not supposed to be there, or that contain PHP code that you don’t recognize.

5. Check your database tables

Some hackers will also upload fake images to your “Uploads” folder and activate them with a plugin call. To detect this you need to open phpMyAdmin, browse the “wp_options” table, and edit the “active_plugins” record. In that record you will see a list of all the plugins that are supposed to be active on your blog. If there is a strange one there named hdjsjekf.jpg, for instance, delete it.

6. Backup!

Backups are your best line of defense. No matter how secure you make your blog install, if someone is determined to break in, he will be able to. If you have backups, however, all you need to do is put a fresh software installation on your server and restore the backup.

Finally, also check the post titled 3 Must Apply Security Tips for WordPress that I wrote a while ago with some tips that you can use to secure some parts of your WordPress site.

28 thoughts on “What if my WordPress Blog Got Hacked with the Google Redirect?”

  1. Thank you for the great advice, I think all bloggers who are using their own WordPress blog should follow it, our blogs are very important for us now as we would love to grow them more, I am just imagining if I lost my blog, I will be so very sad for sure!

  2. Hi, fantastic uncluttered theme
    Just want to let everyone know about a great Website Design company. “www.cmn.com.pk”
    Thanks for the tips.

  3. I agree with you.
    Thanks for the tips.
    That theme is useful for me and hope for others also. Nice Work…

  4. Looks nice, but I haven’t had a problem like that yet. But most people have that problem, they say in the comments. Then if I have that problem in the future I would prefer this… Thanks.

  5. Thanks for sharing the information on how to make my WordPress secure. But I think it’s better to make some info on how hackers do it a little vague. Because somehow some people might follow the steps for a try out :(.

  6. I must ask if NOT using WordPress, but something else (that can be recommended) would help, or if this is a problem no matter what?

  7. #6 is most important. Backup backup backup. I worked in web hosting once. Unbelievable the number of ‘webmasters’ that did not make regular backups of their sites.

  8. I am afraid this will happen to me one day, this could give me headaches for sure… thank you for sharing this great information

  9. Well this is really a scary issue for the WordPress blogger, I think one must be prepared for all these mischievous happenings on the internet and keep changing the password.

  10. Thank you for the great advice, I think all bloggers who are using their own WordPress blog should follow it, our blogs are very important for us now as we would love to grow them more, I am just imagining if I lost my blog, I will be so very sad for sure!

  11. Groan!! I hate the technical side of WordPress, I am forever changing plugins and poking around my WP security issues. I do however take the security of my WP blog very seriously. As for backup, I regularly download my important data from the blog and occasionally download my SQL from cPanel. But as you say, if someone’s determined enough then they will hack your WP blog.

  12. Well, I had seen this kind of problem before, but never knew the cause and solution. Thanks to redwall_hp and Daniel.

  13. I had a similar problem. At the time I didn’t know what the problem was so I had to delete my blog and reinstall it…

  14. Very timely post – this just happened to me the other day. The hacker got in via my WordPress ‘admin’ user (which I subsequently deleted) and added a PHP file to the Media Library. I found it and removed it.

  15. I forgot all about that. The helpful people at Google ran some tests for me, and I was able to track down the source of the problem. The site integrates with an SMF forum via the SSI.php file, and someone snuck some code into the forum somehow, and then the redirect was included into the main part of the site…

