My WordPress website is hacked. URLs redirections. Impossible plugins installation.
If Google search gives the results with your domain name and unexisting URLs that redirect to completely another website, it means that your website was hacked.
Problem 1: your WordPress website URLs redirect to completely another website
Your website URLs appears with strange subpages in Google search results. What's more, these subpages, HTML files do not exist on the server and you also discovered the massive increase of crawling errors in Search Console.
In this case, it may occur that you need to deal with the infected file index.php located in the main WordPress installation directory. This file may contain suspicious entries and you can immediately see that this is not the original content.
Do your website URLs look similar like in the example? Check it simply entering your domain in Google and take a look if the displayed URLs really lead to your website content.
Here's the code snippet (very messy) of index.php
What should you do now? How to solve the problem with redirect links?
In my opinion, the best way to start searching for an infection is to make a copy of the page, eg using the Duplicator plugin. After downloading and unpacking the package, we search the entire folder using GGrep.
In the above example, suspicious subpages were redirected to the address of the spammer page, so I typed its address in the GGrep application. It found references to this address in the index.php file.
The next step is to overwrite the infected file with a “healthy” file from the installation WordPress package downloaded from wordpress.org.
Problem 2: I can't install a plugin on my WordPress website
Together with the hacked redirect links on WordPress website may appear other problem, you may not be discovered yet. Check if you are able to install a plugin, probably the menu item for Installing a plugin disappeared.
To solve this problem edit wp-settings.php and delete the line:
define( 'DISALLOW_FILE_MODS', true );
The site started to work correctly, what else is worth doing to prevent WordPress website from hackers?
- Overwrite files of our Wordpress installation with files from the original package (the same version that we have).
- Scan a previously downloaded copy of our site using an antivirus program, maybe some other files except WordPress's files are infected, for example, a plugin.
How could this happen that my WordPress website has been hacked?
A good question, but there is no definite answer. Here are some possibilities:
- The old version of WordPress
- Old plugins
- Hacking into the FTP server
- Hacking into the Wordpress panel