WordPress website redirects to another domain. I use cloudflare.
What I have done and checked:
- no redirect from Cloudflare, checked DNS and are ok
- no redirect from cPanel
- htaccess is clean
- index.php is clean
- searched inside files and no mention of the domain
- searched for base64_decode but no strange file came up
- searched the database and also the URL, but nothing seems wrong
I can’t even temporarily take down the domain, I tried blocking in htaccess but whatever redirect is happening doesn’t seem to go through htaccess.
When I access wp-admin I actually get taken to the other domain’s login page.
Need ideas.
There’s likely a rogue file somewhere within your other wp folders, including index.php or .htaccess files within the wp-content folder or something like that buried deeper in the directory structure.
What makes your WordPress site uniquely yours is the wp-content folder and the database, so my approach to most hacked sites is just to install a fresh WordPress install and then replace the wp-content folder and overwrite the database to restore the site.
So for example, what I’d do is drop everything in the database and then reimport the database. Then delete everything but the wp-config file (as long as everything inside of it is default), and then reupload all the core WP files (wp-admin, wp-includes, index, etc). Then upload your wp-content folder from the original site. Now, the tricky part is whether anything in the wp-content folder is malicious. There’s a couple of approaches and the first is to manually review anything obviously malicious.
Then I use WordFence security plugin immediately following that to check for changed files, but this has limitations as it compares to what the default repository files suggest.
It’s a good idea to manually review those files before cleaning or removing them, as sometimes an author will perform a very small change (even as simple as a typo fix) and it can become a false flag of malicious changes that will break the site if you delete the file per the suggestion without review.
I do offer WordPress hack repair with a money back guarantee, but it’s not cheap as it’s time consuming to methodically review things.
Some things you might look into and fix would be:
- Is there any weird .jpg content (i.e. joadsifhsdohf.jpg) in the active_plugins records of the database?
- Change DB passwords and then update it in wp-config.
- Verify the DB Users – Sometimes rogue accounts can get database access, so delete those users. WordPress only needs the one database and database user that’s created at installation.
- Verify DB Prefix – make sure the prefix of the db matches the one in wp-config.
- Generate New WP Salts for wp-config – Use the WordPress salt generator and then just copy over the top of the existing salts. Changing salts will force everyone to be logged out, even legit users, and then of course change passwords for everyone and make sure there are no bad user accounts that shouldn’t belong.
- Delete Unused Themes and Plugins – This ensures there’s no rogue code in them because it can’t be rogue if it doesn’t exist. Install fresh version if necessary from the repository.
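The manual review of wp-content described in this answer can start from a short triage pass. The script below is an added example, not code from the thread: it lists nested `.htaccess` files, PHP files under `uploads`, auto-loaded `mu-plugins` files, drop-ins, and an `index.php` that is larger than the stock "Silence is golden" stub. The function names, the 64-byte stub threshold and the sample tree are assumptions made for the example.

```python
import os, re, sys, tempfile

# Drop-ins that WordPress loads straight from wp-content when they exist.
DROPINS = {"db.php", "object-cache.php", "advanced-cache.php", "sunrise.php"}
STUB_DIRS = {"", "plugins", "themes"}   # stock index.php here is a ~28-byte stub
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$")

def triage_wp_content(root):
    """Return sorted (reason, relative path) pairs that deserve manual review."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        top = rel_dir.split("/")[0]
        for name in files:
            rel, lower = (rel_dir + "/" + name).lstrip("/"), name.lower()
            if lower == ".htaccess":
                hits.append((".htaccess below wp-content", rel))
            elif top == "uploads" and PHP_EXT.search(lower):
                hits.append(("PHP in uploads", rel))
            elif top == "mu-plugins" and lower.endswith(".php"):
                hits.append(("auto-loaded mu-plugin", rel))
            elif rel_dir == "" and lower in DROPINS:
                hits.append(("drop-in", rel))
            elif (lower == "index.php" and rel_dir in STUB_DIRS
                  and os.path.getsize(os.path.join(dirpath, name)) > 64):
                hits.append(("index.php is not the stock stub", rel))
    return sorted(hits)

def build_sample_tree(root):
    """Write a constructed sample layout (not taken from the thread)."""
    sample = {"index.php": "<?php\n// Silence is golden.\n",
              "plugins/index.php": "<?php " + "/* padding */" * 10,
              "uploads/2023/01/.htaccess": "# constructed\n",
              "uploads/2023/01/thumb.php": "<?php // constructed\n",
              "uploads/2023/01/photo.jpg": "not really a jpeg",
              "mu-plugins/loader.php": "<?php // constructed\n",
              "themes/mytheme/functions.php": "<?php // constructed\n"}
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    # Pass the path to a real wp-content copy, or run with no argument for the sample.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree(tempfile.mkdtemp())
    for reason, rel in triage_wp_content(root):
        print(f"{reason:32} {rel}")
```

Hits are review candidates only: caching plugins legitimately install `object-cache.php` and `advanced-cache.php`, and some hosts ship their own mu-plugins.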
“Another domain”… as in, one you own, or the malware developer/pharma? If it’s one you own, then it just sounds like a config/cache issue.
Download the WP zip from WordPress.org. Install it over the top of the installation. That will generally allow you to log into the admin.
It sounds like your website may have been compromised by malware. To remove the malware and restore your website, you can try the following steps:
Backup your website: Before making any changes, it’s important to back up your website files and database so you can restore them if something goes wrong.
Scan your website: Use a malware scanner such as Sucuri or Wordfence to scan your website for malware and identify the infected files.
Remove the malware: Once you have identified the infected files, remove them from your website. You can also use a plugin such as Wordfence to automatically remove the malware for you.
Change all passwords: Change the passwords for your website, hosting, and email account to prevent further access to your website.
Update software and plugins: Update your WordPress software, themes, and plugins to their latest versions to ensure that you have the latest security patches.
Monitor your website: Keep an eye on your website for any suspicious activity and scan it regularly for malware.
Consider professional help: If you are still having issues even after following these steps, consider hiring a professional website security company to help you clean your website.
It’s also important to note that you should check all the devices that have access to your website, such as your computer, mobile, or other devices that have been used to access the website, to ensure that they are clean from malware as well.
Did you check and see if there was anything added to your functions.php file?
1) Double check you still own the domain and it’s sitting on your registrar.
2) Do you have any backups of the website? Might be smart to just back it up 48 hours before the hack started.
If you have SSH access you can run this WP-CLI command which should check if the core WordPress code was modified in some way. Actually you can also ask the hosting support to run it for you and send you the output.
`wp core verify-checksums`