A redirect hack is one of the most common WordPress malware infections. Hackers inject malicious code into your website and secretly redirect visitors to spam, scam, phishing, gambling, or malicious websites.
In many cases, website owners do not notice the infection immediately because redirects may only affect:
- Mobile visitors
- Search engine traffic
- First-time visitors
- Visitors coming from Google search
A hacked redirect can damage your SEO rankings, reduce user trust, trigger browser security warnings, and even get your website blacklisted by Google.
In this complete guide, you will learn how to identify, remove, and prevent malicious redirects in WordPress.
What Is a Redirect Hack?
A redirect hack happens when attackers inject malicious code into a website and automatically send visitors to another website without permission.
The destination may include:
- Spam websites
- Phishing pages
- Fake software downloads
- Gambling websites
- Adult websites
- Scam pages
- Malicious advertisements
This type of malware is also known as:
- malicious redirect malware
- WordPress redirect malware
- hacked website redirect
- SEO redirect spam
- browser redirect virus
Browser redirect examples:
- Google Chrome redirect virus
- Safari redirect malware
- Android browser redirect spam
- Fake update redirects
- Casino redirect malware
Signs Your WordPress Website Has Redirect Malware
Your website may be infected if you notice any of the following signs.
1. Website redirects to another website
Visitors may suddenly get redirected to:
- spam pages
- casino websites
- suspicious advertisements
- fake update pages
Sometimes redirects only happen on mobile devices.
2. Redirects happen only from Google search
Many redirect hacks target search engine visitors only. Direct visitors may see the normal website while Google visitors get redirected elsewhere. This technique is called cloaking.
3. Sudden traffic drop
Malicious redirects can damage search rankings and user trust, causing SEO traffic loss.
4. Google security warnings
You may see warnings like:
- This site may be hacked
- Deceptive site ahead
- Malware detected
5. Unknown JavaScript code appears on website
Hackers often inject malicious scripts into:
- header.php
- footer.php
- functions.php
- wp-config.php
- .htaccess
Common Causes of Redirect Hacks
Redirect malware usually enters through security vulnerabilities.
Outdated plugins and themes
Old plugins are one of the biggest causes of WordPress redirect malware.
Nulled themes and plugins
Pirated themes often contain hidden malware and backdoors.
Weak passwords
Weak admin passwords make brute-force attacks easier.
Infected hosting account
Sometimes malware spreads between websites on shared hosting.
Vulnerable admin accounts
Attackers may gain access through compromised administrator accounts.
Why Does My WordPress Website Redirect Only on Mobile?
Some redirect malware targets only mobile visitors to avoid detection by website owners. Hackers often use JavaScript or conditional redirect rules that activate only for mobile devices or visitors coming from Google search results.
This type of mobile redirect hack is common in infected WordPress themes, nulled plugins, and compromised JavaScript files.
How To Find Redirect Malware in WordPress
Check your website in Incognito Mode
Open your website in:
- Incognito mode
- Different browser
- Mobile device
Some redirects only affect specific visitors.
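The manual check above can be scripted by requesting the same URL as different kinds of visitor and comparing where each one is sent. This is an added example, not code from the original guide; the header values, profile names, and function names are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Constructed sample headers for the visitor types this page says are targeted.
MOBILE = "Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 Chrome/120.0 Mobile Safari/537.36"
DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
GOOGLE = "https://www.google.com/"
PROFILES = {
    "direct-desktop": {"User-Agent": DESKTOP},
    "direct-mobile": {"User-Agent": MOBILE},
    "google-desktop": {"User-Agent": DESKTOP, "Referer": GOOGLE},
    "google-mobile": {"User-Agent": MOBILE, "Referer": GOOGLE},
}

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx response instead of following it

def http_fetch(url, headers):
    """Return (status, Location or None) for one request, redirects not followed."""
    opener = urllib.request.build_opener(NoFollow)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx responses land here
        return err.code, err.headers.get("Location")

def bare_host(url):
    """Hostname of a URL without a leading 'www.'; empty for relative URLs."""
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def find_cloaked_redirects(url, fetch=http_fetch):
    """Return [(profile, status, location)] for profiles sent to another host."""
    findings = []
    for name, headers in PROFILES.items():
        status, location = fetch(url, headers)
        if location and bare_host(location) not in ("", bare_host(url)):
            findings.append((name, status, location))
    return findings
```

This only sees redirects sent as HTTP responses, such as .htaccess rules. JavaScript redirects injected into theme files need a real browser to observe.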
Scan website files
Look for suspicious code inside:
- /wp-content/themes/
- /wp-content/plugins/
- /wp-content/uploads/
Check the files in these folders for the following functions, which are commonly used to hide malware:
- eval(base64_decode())
- gzinflate()
- str_rot13()
Check .htaccess file
Hackers frequently inject redirect rules into the .htaccess file.
Example of suspicious redirect code:
```
RewriteEngine On
RewriteCond %{HTTP_REFERER} google\.com [NC]
RewriteRule ^(.*)$ http://spamwebsite.com [R=302,L]
```
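The file scan and the .htaccess check described above can be combined into one triage script. This is an added example, not code from the original guide; the function names and finding labels are illustrative, and every hit still needs manual review because legitimate plugins sometimes use these functions and rules.

```python
import os
import re

# Obfuscation calls listed above; a match is a triage hint, not proof of infection.
OBFUSCATION = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(", re.I)
# Conditions that single out search-engine or mobile visitors.
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I)
# Any RewriteRule; group 1 is the substitution (redirect target).
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

# The suspicious rule shown on this page, used as sample input.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} google\.com [NC]
RewriteRule ^(.*)$ http://spamwebsite.com [R=302,L]
"""

def htaccess_findings(text):
    """Return absolute-URL RewriteRule targets gated on Referer or User-Agent."""
    hits, gated = [], False
    for line in text.splitlines():
        if COND.match(line):
            gated = True
            continue
        rule = RULE.match(line)
        if rule:
            if gated and rule.group(1).lower().startswith(("http://", "https://")):
                hits.append(rule.group(1))
            gated = False  # conditions apply only to the next RewriteRule
    return hits

def scan_tree(root):
    """Walk a wp-content style tree; return sorted (relative_path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == ".htaccess":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for url in htaccess_findings(fh.read()):
                        findings.append((rel, "conditional redirect to " + url))
            elif name.lower().endswith(".php"):
                if "uploads" in rel.split("/")[:-1]:
                    findings.append((rel, "PHP file under uploads"))
                with open(path, "rb") as fh:
                    if OBFUSCATION.search(fh.read()):
                        findings.append((rel, "obfuscation call"))
    return sorted(findings)
```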
Inspect wp-config.php
Hackers may inject malicious code inside wp-config.php. Remove unknown code carefully.
Check scheduled tasks and database
Some malware creates hidden database injections and scheduled malware tasks. Inspect:
- wp_options
- wp_posts
- cron jobs
Check for Suspicious WordPress Admin Users
Hackers sometimes create hidden administrator accounts to regain access after malware cleanup. Review all WordPress users and delete unknown administrator accounts immediately.
How To Remove Redirect Hack From WordPress
Step 1: Backup your website
Create a complete backup before making changes. Back up the following:
- website files
- database
- themes
- plugins
Step 2: Put website in maintenance mode
Prevent further damage during cleanup.
Step 3: Remove suspicious plugins and themes
Delete:
- unused plugins
- nulled themes
- suspicious extensions
Reinstall trusted plugins from official sources.
Step 4: Clean infected files
Remove malicious code from:
- functions.php
- header.php
- footer.php
- wp-config.php
- .htaccess
Delete hidden PHP files from uploads folder.
Step 5: Replace WordPress core files
Download a fresh copy of WordPress and replace:
- wp-admin
- wp-includes
Do not overwrite:
- wp-content
- wp-config.php
Step 6: Scan and clean database
Remove the following from database tables:
- malicious scripts
- spam links
- injected redirects
Step 7: Change all passwords
Reset passwords for:
- WordPress admin
- hosting account
- FTP accounts
- database users
Step 8: Remove backdoors
Hackers often leave hidden access points behind. Backdoors allow malware to return after cleanup.
Step 9: Clear cache
Clear:
- browser cache
- WordPress cache
- CDN cache
- server cache
Old malware files may still load from cache.
Step 10: Request Google review
If your website was flagged by Google:
- Clean the website
- Remove malware
- Request review in Google Search Console
Common Files Modified During Redirect Hacks
Hackers commonly inject malware into:
| File | Purpose |
|---|---|
| .htaccess | Redirect visitors |
| wp-config.php | Load malicious code |
| functions.php | Inject malware scripts |
| header.php | Add redirect JavaScript |
| footer.php | Hidden spam scripts |
| index.php | Load malicious payload |
How To Prevent Redirect Hacks
Keep WordPress updated
Always update:
- WordPress core
- plugins
- themes
Avoid nulled software
Never install pirated themes or plugins.
Use strong passwords
Use secure passwords with:
- uppercase letters
- numbers
- symbols
Enable two-factor authentication
Two-factor authentication improves login security.
Install website monitoring
Security monitoring can detect:
- malware
- file changes
- suspicious activity
- login attempts
Take regular backups
Regular backups help restore websites quickly after attacks.
Real Example of Redirect Malware
One hacked WordPress website appeared normal to administrators but redirected mobile visitors from Google search results to spam gambling websites.
The attackers had injected hidden JavaScript code inside the theme footer file along with malicious redirect rules in the .htaccess file.
After malware cleanup, password resets, and security hardening, the redirects stopped and Google warnings were removed.
How Long Does Redirect Hack Recovery Take?
Recovery depends on the severity of infection.
Typical timeline:
| Recovery Step | Estimated Time |
|---|---|
| Malware cleanup | Few hours |
| Google review | Several days |
| Redirect removal from search | 1–3 weeks |
| SEO recovery | Several weeks |
Frequently Asked Questions
Can redirect malware affect SEO?
Yes. Redirect malware can damage rankings, reduce trust, and trigger Google security warnings.
Why does my website redirect only on mobile?
Some malware targets only mobile visitors to avoid detection.
Can redirect malware return after cleanup?
Yes. If hidden backdoors remain, attackers can reinfect the website.
Will deleting plugins fix redirect malware?
Not always. Malware may also exist in themes, database tables, or WordPress core files.
How do hackers add redirects to WordPress?
Hackers commonly inject malicious code through vulnerable plugins, weak passwords, or infected themes.
Final Thoughts
A redirect hack can seriously damage your website traffic, SEO rankings, and user trust. Simply removing visible redirects is usually not enough because hidden malware and backdoors may still remain on the server.
A complete cleanup should include:
- malware removal
- redirect cleanup
- database scanning
- password resets
- security hardening
- ongoing monitoring
Fixing the root cause is the best way to prevent future redirect infections.
