Security

WordPress Redirecting to Spam Sites? Here is the Fix (2024 Guide)

Is your WordPress site redirecting to Japanese spam or pharmacy sites? You are hacked. Follow this urgent guide to clean the malware and secure your DB.

KloudBoy Security Team
Engineering Team

If you clicked on your own website and suddenly found yourself on a gambling, pharmacy, or adult site, panic is the correct first reaction.

Your site has been compromised with the infamous “WordPress Redirect Hack”.

This is not just a glitch. Hackers have injected malicious JavaScript or PHP code into your core files or database to steal your traffic. Google will soon ban your site (the dreaded “Red Screen of Death”).

You need to act NOW.

Step 1: Confirm the Hack

Sometimes the redirect only happens for new visitors or mobile users (a smart way to hide it from admins).

  1. Open your site in Incognito Mode.
  2. Check your site on a mobile device (turn off WiFi to use mobile data).
  3. Use a tool like Sucuri SiteCheck.

Step 2: The Cleanup (Do NOT skip anything)

1. Check index.php and wp-blog-header.php

Hackers love these files. Open them via FTP or File Manager.

  • Look for: Obfuscated code that looks like eval(base64_decode(...)) or long strings of random characters at the very top of the file.
  • Fix: Compare these files with a fresh download of WordPress from wordpress.org. Replace them if they look different.

2. The .htaccess Trap

Often, the redirect happens before WordPress even loads.

  • Open your .htaccess file.
  • Look for strange rewrite rules involving random domains or IP addresses.
  • Fix: Delete the .htaccess file and replace it with a clean default WordPress one.

3. The Database Injection (The Hard Part)

Modern hacks hide in your database, specifically in the wp_posts or wp_options tables.

  • They inject <script src='malware.js'></script> into the content of every single post.
  • Fix: You need to run a SQL search-and-replace command.
    UPDATE wp_posts SET post_content = REPLACE(post_content, '<script src="http://malicious-domain.com/bad.js"></script>', '');
    
    (Warning: Backup your DB before running SQL commands!)
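
REPLACE() removes only an exact string, so a tag injected with single quotes survives a query written with double quotes. The Python below is an added example, not part of the original guide: it lists every external script tag variant found in exported (ID, post_content) rows and builds one UPDATE per variant. The function names, the sample rows and the trusted host cdn.example.org are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Whole external <script src=...></script> element; group 2 is the src URL.
SCRIPT_RE = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(['"])(.*?)\1[^>]*>\s*</script\s*>""",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample rows standing in for (ID, post_content) from wp_posts.
SAMPLE_ROWS = [
    (1, 'Hello<script src="http://malicious-domain.com/bad.js"></script>'),
    (2, "<p>Post</p><script src='http://malicious-domain.com/bad.js'></script>"),
    (3, '<script src="https://cdn.example.org/widget.js"></script><p>ok</p>'),
    (4, "<p>No scripts here</p>"),
]


def inventory_script_tags(rows, trusted_hosts):
    """Return {exact_tag_text: [post_ids]} for external scripts whose host
    is not in trusted_hosts. Relative (same-site) src values are skipped."""
    found = {}
    for post_id, content in rows:
        for match in SCRIPT_RE.finditer(content or ""):
            host = (urlparse(match.group(2)).hostname or "").lower()
            if host and host not in trusted_hosts:
                found.setdefault(match.group(0), []).append(post_id)
    return found


def build_cleanup_sql(tag, table="wp_posts", column="post_content"):
    """Build one UPDATE for one exact tag variant (REPLACE is byte-for-byte).
    Escaping assumes MySQL's default handling of backslashes in literals."""
    literal = tag.replace("\\", "\\\\").replace("'", "''")
    return (
        f"UPDATE {table} SET {column} = REPLACE({column}, '{literal}', '') "
        f"WHERE {column} LIKE '%<script%';"
    )


if __name__ == "__main__":
    # cdn.example.org is a constructed example of a host the site owner trusts.
    hits = inventory_script_tags(SAMPLE_ROWS, {"cdn.example.org"})
    for tag, post_ids in hits.items():
        print(f"-- found in posts {post_ids}")
        print(build_cleanup_sql(tag))
```

Review the printed statements against a database backup before running them, and repeat the inventory afterwards to confirm that no variant remains.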

Step 3: Close the Backdoor

Cleaning the hack is useless if you don’t close the hole.

  1. Change all passwords: WP Admin, FTP, and Database.
  2. Update Plugins: The #1 cause of this hack is an outdated plugin (often Elementor or Slider Revolution).
  3. Check for “Ghost Admins”: Go to Users > All Users. Delete any admin user you don’t recognize.

The “I Can’t Fix It” Option

If this sounds too technical, or if the malware keeps coming back (it often hides in multiple places), do not waste time. Every hour your site is down costs you SEO ranking.

We can fix this in < 2 hours.

Our Emergency Malware Removal Service includes:

  • Complete file & database scanning.
  • Backdoor removal.
  • Google Blacklist removal request.
  • 30-day guarantee.
