How to stop redirects and prevent attacks on WordPress?

The last few months have brought considerable challenges for users of the WordPress platform. Since April, the internet has been flooded with news about new plugins added to the list of malicious ones. Once installed or updated, these plugins introduce malicious code capable of generating redirects to landing pages that promote services or products.
Attackers, often automated bots, take advantage of vulnerable versions of these plugins. Online store owners have felt the consequences of these attacks firsthand, as repeated redirects at short intervals do not contribute at all to a positive shopping experience. Many victims of these attacks were WooCommerce users, the e-commerce solution provided by WordPress, who noticed that something was wrong.
To understand what happened and how to fix the problems on affected sites, it is essential to explain what malicious redirects are. A harmful redirect is the result of automatically inserting code into the website, intended to redirect visitors to other sites. These redirects are often implemented by attackers to generate traffic for advertisements, but they can also have more serious effects, such as infecting visitors’ computers with viruses.
Most site owners are unaware of their site’s uncontrolled redirects until a customer points out that they ended up on an unexpected page. Often, owners try to reproduce the problem, observing that everything seems fine on their computer, while visitors on mobile devices experience unwanted redirects. These redirects can appear on certain pages or even before the site loads.
Techniques Used for Malicious Redirects
Modifying the
Modifying WordPress PHP files: Malicious redirects can be found in WordPress PHP files, such as
Installing a malicious plugin or theme: Hackers can induce site owners to involuntarily install a fraudulent plugin or theme, as was the case with the “ilovedc” plugin, which modified the
Infecting JavaScript files: Redirect attacks can inject malicious JavaScript code into the site’s
Solutions for Eliminating Malicious Redirects
To address these issues, We will share some solutions based on our personal experience. We encountered similar difficulties with online store sites and discovered two effective methods.
Using a Security Plugin: We installed a plugin called SUCURI, which was extremely useful. It can detect problematic files in the “WordPress Integrity” section. If the plugin identifies a suspicious file, it is important to remove it and clean up the site.
Reviewing Logs: It is essential to inspect logs to identify unauthorized login attempts. If you notice a large number of login attempts with different IPs, it is recommended to restrict access to the
Preventive Measures for the Future
To prevent such attacks in the future, it is crucial to take the following measures:
Improve Passwords: Use complex passwords and change them regularly to reduce the risk of brute-force attacks.
Install Security Software: Use a WordPress security plugin that scans files and identifies unauthorized changes.
Verify Themes: Install a theme verification plugin, such as Theme Check, to ensure themes comply with security standards.
Get Plugins from Trusted Sources: Only use plugins and themes from official sources and check reviews before installation.
Update Themes and Plugins: Keep all themes and plugins up to date to reduce vulnerability risks.
Regular Backups: Make regular backups of your site so you can quickly restore it in case of attacks.
Change Web Hosting: Consider migrating to a web host specializing in WordPress that offers automated security tools.
Conclusion
We hope these tips will help you protect your site and avoid malicious redirects. If you need further assistance, do not hesitate to contact us. We wish you much success!
Attackers, often automated bots, take advantage of vulnerable versions of these plugins. Online store owners have felt the consequences of these attacks firsthand, as repeated redirects at short intervals do not contribute at all to a positive shopping experience. Many victims of these attacks were WooCommerce users, the e-commerce solution provided by WordPress, who noticed that something was wrong.
To understand what happened and how to fix the problems on affected sites, it is essential to explain what malicious redirects are. A harmful redirect is the result of automatically inserting code into the website, intended to redirect visitors to other sites. These redirects are often implemented by attackers to generate traffic for advertisements, but they can also have more serious effects, such as infecting visitors’ computers with viruses.
Most site owners are unaware of their site’s uncontrolled redirects until a customer points out that they ended up on an unexpected page. Often, owners try to reproduce the problem, observing that everything seems fine on their computer, while visitors on mobile devices experience unwanted redirects. These redirects can appear on certain pages or even before the site loads.
Techniques Used for Malicious Redirects
Modifying the
.htaccess file: Every WordPress site has an .htaccess file that regulates how the web server handles files. Hackers can modify this file to add malicious redirects, directing all visitors to another website.Modifying WordPress PHP files: Malicious redirects can be found in WordPress PHP files, such as
index.php, header.php, footer.php, and functions.php. These files are often executed by WordPress, making them attractive targets for attackers.Installing a malicious plugin or theme: Hackers can induce site owners to involuntarily install a fraudulent plugin or theme, as was the case with the “ilovedc” plugin, which modified the
.htaccess file to introduce harmful redirects.Infecting JavaScript files: Redirect attacks can inject malicious JavaScript code into the site’s
.js files. This code may include long sequences of hexadecimal characters that facilitate uncontrolled redirects.Solutions for Eliminating Malicious Redirects
To address these issues, We will share some solutions based on our personal experience. We encountered similar difficulties with online store sites and discovered two effective methods.
Using a Security Plugin: We installed a plugin called SUCURI, which was extremely useful. It can detect problematic files in the “WordPress Integrity” section. If the plugin identifies a suspicious file, it is important to remove it and clean up the site.
Reviewing Logs: It is essential to inspect logs to identify unauthorized login attempts. If you notice a large number of login attempts with different IPs, it is recommended to restrict access to the
wp-admin folder by generating a new, password-protected .htaccess file.Preventive Measures for the Future
To prevent such attacks in the future, it is crucial to take the following measures:
Improve Passwords: Use complex passwords and change them regularly to reduce the risk of brute-force attacks.
Install Security Software: Use a WordPress security plugin that scans files and identifies unauthorized changes.
Verify Themes: Install a theme verification plugin, such as Theme Check, to ensure themes comply with security standards.
Get Plugins from Trusted Sources: Only use plugins and themes from official sources and check reviews before installation.
Update Themes and Plugins: Keep all themes and plugins up to date to reduce vulnerability risks.
Regular Backups: Make regular backups of your site so you can quickly restore it in case of attacks.
Change Web Hosting: Consider migrating to a web host specializing in WordPress that offers automated security tools.
Conclusion
We hope these tips will help you protect your site and avoid malicious redirects. If you need further assistance, do not hesitate to contact us. We wish you much success!
