Is your WordPress website redirecting users to makethisdaygood.com/main or best-winplace.life? If yes, then your website might be hacked. The famous WordPress redirect hack is one of the most exploited WP hacks.
Recently I came across this issue with a few websites where some of the pages kept getting redirected to another website. The hosting provider marked the “wp-include” directory as an infected area, so I simply replaced it with a fresh copy from https://wordpress.org/download/.
But that didn’t work. I still had that redirect issue, so I tried a bunch of security plugins and kept getting all the green lights from each one, but nothing worked.
After spending 3 days looking for the issue, I decided to go through everything manually, so I started looking for it and found this plugin. Yeah, I know what you are thinking: this is the first thing you should do. But because I couldn’t find it inside WordPress and each security plugin was giving me a green thumbs-up, I never bothered looking for it on the server.
This hack is achieved by a hidden plugin. The plugin is coded to hide from the WordPress plugins area, but you should be able to find it in your cPanel or File Manager. The plugin is called “Zend Fonts WP”, and you should be able to find it in the “wp-content/plugins” folder.
How to Fix It!
- Go to your cPanel
- Click on File Manager
- Go to the “wp-content/plugins” folder and look for “Zend Fonts WP” folder
- Delete it
- Done!
You may also consider
Please also consider hardening your website security using a security plugin such as iThemes Security, Wordfence or Sucuri. Even their free versions come with a lot of awesome features.
Furthermore, attackers can infect the website by injecting code into any of the WordPress core files. Check these files for malicious code:
- index.php
- wp-config.php
- wp-settings.php
- wp-load.php
- .htaccess
- Theme files (wp-content/themes/{themeName}/):
  - footer.php
  - header.php
  - functions.php
- All JavaScript files
Some variants of the redirection malware infect ALL the JavaScript (.js) files on the website. This includes the JS files in the plugin, theme folders, etc. The same obfuscated code is usually added at the top of each JS file.
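Because the same code is added at the top of every infected JS file, a quick way to find candidates is to group .js files by their leading bytes and list any prefix shared by several files. The script below is an added example, not part of the original post; the function names, the 120-byte prefix length and the three-file threshold are assumptions, and the sample tree it builds is constructed placeholder data.

```python
import os
import tempfile
from collections import defaultdict

PREFIX_BYTES = 120  # assumption: the injected block is at least this long


def shared_js_prefixes(root, min_files=3, prefix_bytes=PREFIX_BYTES):
    """Return {prefix: [relative paths]} for leading bytes shared by
    at least min_files .js files under root."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(prefix_bytes)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if len(head) == prefix_bytes:  # shorter files cannot hold the block
                groups[head].append(os.path.relpath(path, root))
    return {h.decode("utf-8", "replace"): sorted(p)
            for h, p in groups.items() if len(p) >= min_files}


def build_sample_tree(root):
    """Write a constructed sample tree: three files with one shared
    leading block (harmless placeholder text) and one clean file."""
    injected = "/* CONSTRUCTED SAMPLE */ var _p='" + "A" * 120 + "';\n"
    files = {
        "wp-content/plugins/a/a.js": injected + "function a(){}\n",
        "wp-content/themes/t/t.js": injected + "function t(){}\n",
        "wp-includes/js/c.js": injected + "function c(){}\n",
        "wp-content/plugins/b/clean.js": "// clean file\n" + "function b(){}\n" * 10,
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for prefix, paths in shared_js_prefixes(tmp).items():
            print(f"{len(paths)} files start with {prefix[:40]!r}...")
            for p in paths:
                print("   ", p)
```

On a real site, call `shared_js_prefixes()` on a downloaded copy of the web root. Files from the same library can legitimately share a license banner, so review each reported group before restoring files from a clean copy.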