Is your WordPress website redirecting users to
best-winplace.life? If yes, then your website might be hacked. The famous WordPress redirect hack is one of the most exploited WP hacks.
Recently I can across this issue with few websites where some of the pages where keep getting redirected to another website. The hosting provider marked the “wp-include” directory as an infected area so I simply replace it with a fresh copy from https://wordpress.org/download/.
But that didn’t work, I still had that redirect issue, So I tried a bunch of security plugins and keep getting all the green lights from each one but nothing worked.
After spending 3 days looking for the issue I decided to go through everything manually so I started looking for it and found this plugin. Yea, I know what you are thinking, this is the first thing you should do but because I couldn’t find it inside WordPress and each security plugin was giving me a green thumbs-up i never bother looking for it in on the server.
This hack is achieved by a hidden plugin, the plugin is coded to hide in the WordPress plugins area but you should be able to find it in your Cpanel or File Manager. A plugin called “Zend Fonts WP” and you should be able to find it in the “wp-content/plugins” folder.
How to Fix It!
- Go to your Cpanel
- Click on File Manager
- Go to the “wp-content/plugins” folder and look for “Zend Fonts WP” folder
- Delete it
You may also consider
Furthermore, attackers can infect the website by injecting code in any of the core files on WordPress. Check these files for malicious codes:
- Theme files (
.js) files on the websites. This includes the JS files in the plugin, theme folders, etc. The same obfuscated code is usually added at the top of each JS file.