How to solve the redirection error on your hacked website and get your site back

Are you facing a redirection error? Is your site redirecting to spam URLs? You try to access your site and suddenly see that it is navigating somewhere else. Do you want to solve the redirection error? Honestly, I can tell you that it’s a very hard and time-consuming process to find where the issue is. It does not happen automatically; it often happens when some hacker gains access to your site and adds spam URLs to parts of your website. In this article, I am going to explain the solution to this redirection issue from my personal experience. After following this guide you will be able to solve your issue, but I will share my experience so maybe you can solve your error by following this guide. I will tell you all of the situations I faced and how I solved them.

A new client who wanted to shift his sites to Cyberhosting told us that one of his sites was facing redirection issues and that he was not even able to gain access to the WordPress admin dashboard. Before telling you the whole story, I will state some points which may be the cause of the redirection issues.

  1. Outdated plugins
  2. Changed URLs in the database
  3. Default theme files
  4. WordPress files
  5. General settings URLs

I would like to go one by one through the problems I encountered and tell you how I solved them. Honestly speaking, the main part is finding where the problem is. Once you have that, 80% of the problem is solved (from my point of view; in your case your view may be different). Now I am going to tell you the whole story of problems and solutions, with intervals 🙂.

Infected Database Problem:

When I faced this problem for the first time, it was very complicated; at that point I was unable even to gain access to the WordPress admin dashboard. It's very tough to know the reason if your first problem is accessing WP_ADMIN. In this case I decided on a brief check before going into a deep analysis of the files and searching for the problem there. One of our team members suggested that I check the database, and it was there, in the WordPress settings, that I discovered the URLs had been changed. So, your first question is: where are the URLs in the database? I am going to tell you the way to check and solve the issue.

How to check and solve the Database issue:

First of all, you have to know where to access your database. If you are familiar with phpMyAdmin in your control panel and know how to access it, then you can skip this part and access the database of the WordPress site which you need to fix. Otherwise, stay with me and follow the guide. Here I will tell you how to access the database in CyberPanel. If you have any other panel, go and search for its access process.

How to access the database using phpMyAdmin in CyberPanel

It's very easy to access phpMyAdmin in CyberPanel. (Easy for me, maybe hard for you.) First of all, go to Database->PHPMyadmin.

You will see a screen which asks you to provide the credentials to log in.

But what if you don’t have the credentials to log in? Actually, when I was investigating, I also didn’t have the credentials. But don’t worry, I will tell you where you can get them. Go to the file manager and open the wp-config.php file; there you can find the username and password to log in.
Once you have logged in to phpMyAdmin, go and find the wp_options table.

Check the home URL and site URL. If they are not the same as your site and show something else, as they did for me, you have to replace them with your original site URL. I followed this process to solve the issue the first time. I found the problem there and solved it using this process. Maybe in your case the issue is different and you have to follow this guide to the end.
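The table name depends on the $table_prefix set in wp-config.php, so it is not always wp_options. The following added example (not part of the original article) reads the prefix and database name from wp-config.php, builds a read-only query for the siteurl and home rows, and checks the returned rows against the URL you expect; the function names and the example.com URL are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: sample values used with these functions are constructed.

# Print the value of define('NAME', 'value') from wp-config.php.
wp_define() {  # usage: wp_define NAME /path/to/wp-config.php
  sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$1['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$2" | head -n 1
}

# Print the table prefix ($table_prefix = 'wp_';), defaulting to wp_.
wp_prefix() {  # usage: wp_prefix /path/to/wp-config.php
  prefix=$(sed -n "s/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([A-Za-z0-9_]*\)['\"].*/\1/p" "$1" | head -n 1)
  printf '%s\n' "${prefix:-wp_}"
}

# Build the read-only query for the two URL rows in the options table.
url_query() {  # usage: url_query /path/to/wp-config.php
  printf "SELECT option_name, option_value FROM %soptions WHERE option_name IN ('siteurl','home');\n" "$(wp_prefix "$1")"
}

# Read "name<TAB>value" rows on stdin (the format of mysql -N -B output)
# and report every row whose value is not the expected site URL.
# A trailing slash is ignored. Returns 1 if any row differs.
check_urls() {  # usage: ... | check_urls https://example.com
  expected=${1%/}; bad=0; tab=$(printf '\t')
  while IFS=$tab read -r name value; do
    if [ "${value%/}" != "$expected" ]; then
      printf 'MISMATCH %s=%s\n' "$name" "$value"
      bad=1
    fi
  done
  return "$bad"
}

# Typical use (prompts for the DB password; assumes the mysql client):
#   cfg=public_html/wp-config.php
#   mysql -N -B -u "$(wp_define DB_USER "$cfg")" -p "$(wp_define DB_NAME "$cfg")" \
#     -e "$(url_query "$cfg")" | check_urls https://example.com
```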

Default Theme files Issue

A few days later the issue happened again on that site. The first thing I did was go back to the database and check the links but, surprise, everything was fine there. Now it was a big task again to find the issue. I tried to access the admin dashboard of that WordPress site and was happy to find that it was working. I logged in to the dashboard and began to check other settings and features. Now you want to know how.

How to check infected files through the admin dashboard and resolve them

I had the Wordfence plugin installed on that site, and I scanned for intrusions. The scan took a long time to complete, but it showed some high-risk files in the default theme. I proceeded to remove the files from the scan and replaced them with the default files for the theme. This resolved the issue, and it is a solution that worked for me. But maybe in your case neither of the solutions mentioned above works, in which case go to the next steps.

General Settings URL problem:

I found that after solving the problem with the database, as mentioned above, I was able to access the WordPress admin dashboard, but after scanning the site using Wordfence I was still unable to access the site. After checking the general settings of the website, I found that the URL of the site had also been changed there.

I changed the URL of the site and after that it worked. But I must say it is an extreme case. It will happen only when your security is too low; otherwise it is unlikely.

Unknown Problem (Plugins + database + files everything is changed)

I shared my experiences above about the problems that I faced on the client's site and how I solved them. But that is not all. After all these problems I still faced a final problem, which took 2 days to resolve. The same client came back to us, informing us that his site had been hacked again. I wondered why his site had been breached yet again. But the first thing to do was to recover the site back to normal. I started working on his site. I went to the database and checked the links; they had again been changed, so I used the method above to fix that. Then I visited the site, and it was still not working, with the same redirect issue. Then I went to the admin dashboard, started a scan, and checked the general settings and all that, but the result was still different from the past. After doing all this I was still not able to get the site operating as normal. Then I decided first to find the reason the site was hacked.

How to find the reason for the hack:

There are some points that I followed to check the site; maybe you cannot find the reason this way, but this is one method that you can try.

First of all, I went to the plugins section of the client's site and checked. I discovered that he had a lot of outdated plugins and most of them had updates available. I realised I had found the reason for the continued breach, but what to do? How could I find the exact plugin which was insecure, changed, or helping the hackers to breach the site? Wordfence was also not able to scan these files. Maybe there were a lot of infected files, too many for Wordfence to report? I decided to run a wpscan from my terminal.

Scan with wpscan

First I installed wpscan on my server and then ran the scan. I found that there were many infected files. His outdated plugins were infected. When I received the result in the terminal, I went to those files and replaced them with the original ones I got from the official sites of the plugins, or with the files I already had for those plugins.

After the scan I replaced those files, but I was not done with that; I also replaced the WordPress files with the original files. Let me explain exactly how to do this.

How to replace WordPress files with original files?

This is a tricky point and will be difficult for a beginner. The first thing is to find your WordPress version.

Go to the file manager, then the public_html folder, then the wp-includes folder. Here you will find a file named version.php. Open this file and you can see the version of WordPress that is installed.

Download WordPress for this specific version from their official site. Download the version which is installed on your site.

After downloading, upload it to the public_html folder of your site and replace your old files with it.
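Before overwriting anything, it helps to see which core files actually differ from the originals. The following added example (not part of the original article) reads the version from wp-includes/version.php and compares the site against a clean extract of the same WordPress release; the function names and directory arguments are assumptions, and wp-content is skipped because themes and plugins need their own clean copies.

```bash
#!/usr/bin/env bash
# Added example: compare an installed WordPress tree with a clean extract.

# Print the value of $wp_version from wp-includes/version.php.
wp_version() {  # usage: wp_version /path/to/wordpress/root
  sed -n "s/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1/wp-includes/version.php" | head -n 1
}

# Prints one line per finding:
#   MODIFIED path  core file whose bytes differ from the clean copy
#   MISSING  path  core file absent from the site
#   EXTRA    path  file in wp-admin/ or wp-includes/ that the release
#                  does not ship (a common place for dropped scripts)
# Returns 2 without comparing if the two trees are different versions.
core_diff() {  # usage: core_diff /path/to/public_html /path/to/clean/wordpress
  site=$1; clean=$2
  site_ver=$(wp_version "$site"); clean_ver=$(wp_version "$clean")
  if [ -z "$site_ver" ] || [ "$site_ver" != "$clean_ver" ]; then
    echo "version mismatch: site=$site_ver clean=$clean_ver" >&2
    return 2
  fi
  # Pass 1: every file the release ships, except wp-content.
  ( cd "$clean" && find . -type f ! -path './wp-content/*' ) | sed 's|^\./||' | sort |
  while IFS= read -r f; do
    if [ ! -f "$site/$f" ]; then
      echo "MISSING $f"
    elif ! cmp -s "$clean/$f" "$site/$f"; then
      echo "MODIFIED $f"
    fi
  done
  # Pass 2: files the site has in core-only directories that the release lacks.
  for d in wp-admin wp-includes; do
    [ -d "$site/$d" ] || continue
    ( cd "$site" && find "$d" -type f ) | sort |
    while IFS= read -r f; do
      [ -f "$clean/$f" ] || echo "EXTRA $f"
    done
  done
}
```

Files reported as EXTRA are not removed by uploading the originals over the old files, so review and delete them separately.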

After doing all this, I went to the site and checked that it was working.

Finally the problem was resolved, and I am happy to share my personal experiences on this with you guys. Maybe this will be helpful for you in solving your problem. Please let me know in the comments if you are able to solve your problem. If this article didn’t help or you are unable to understand anything, ask me.
