[ad_1]
Every time I go to my website and click around I am redirected to shbzek and from there to different sites like data and analytics, vpn install etc.I run an ecommerce site with payment setup so freaking out a little.
I got wordfence and ran a scan the first time I noticed it. It identified a malware and I let wordfence do its thing and repaired the files. 2 days later, I am still having the same issue. I am not using any excessive plugins and no new or not established plugins. My wordpress, plugins, php everything is updated. Hosting provider is Namecheap. I ran the namecheap recommended virus scan from cpanel and also the Wordfence scan and both came out clean. I am so confused on what to do next.
How do I remove this?
​
[ad_2]
Try doing a dump of the database and grep that for one of the URL’s that you get bunted to. That’ll let you where it’s lurking.
It’s almost certainly been injected, either into wp_posts or wp_options usually.
I doubt there’s injection in the DB – in my experience that type of infection is rare. My guess is that whilst you may have cleaned the site, you didn’t fix the problem – you are using a vulnerable plugin or theme, something that is either out of date, abandoned, or nulled. Find and remove that, *then* clean the site.
You should ask for professional help, seriously.
Wordfence doesn’t scan everywhere. I had this recently where a client had an admin account called admin with a stupid simple password. All of a sudden, the site was redirecting to a Japanese sweing machine site. This thing was virulent. It change file and directroy permissions so I couldn’t delete them. If I erplaced the infected index.php, it was reinfected in seconds.
I ended up remaking the site from a backup to a clean location, and nuking the infected site from space.