[ad_1]
Today I got an email from a reader saying that they were on my website and they got redirected to another website. They went back and then got redirected to an adult website.
I have the free version of Wordfence active. Today I updated to the paid version of Wordfence and did a scan but it didn’t find anything.
What are the chances that I actually have malware or is something on their end?
How else should I explore this issue?
[ad_2]
Can you share the URL of the affected page on your site?
It could be some malware on the readers computer. I’d ask for more information from the reader, maybe even a screen recording of it happening.
There is probably a good chance. If you’re unsure of common wordpress hacks, the best method is to check the affected URL from another computer or IP that you haven’t logged into.
It can be difficult to detect / remove, especially if you’re not familiar with WP core files and server.
If you have been compromised, chances are there is a backdoor installed on your site somewhere or everywhere. You should check your files for non wp core files and remove any plugins you don’t recognise. In most cases, a plugin allowed a hacker in, one client of mine had 181 plugins when they came to me and wondered why their site was slow and being compromised.
Also, check the file permissions folder permissions should be set to 755, and most file permissions need to be set to 644, and your database, in particular your users as there may be hidden admins that you can’t see through the WP UI.
Also, check your .htaccess for “strange code” you can actually delete or rename it and visit your site to generate a new one
Add the following as well to help secure it:
“`
<Files wp-login.php>
order deny,allow
Deny from all
# whitelist Your own IP address
allow from xx.xxx.xx.xx
#whitelist some other user’s IP Address
allow from xx.xxx.xx.xx
</Files>
“`
If you have the money to spend on Wordfence Premium, you can probably afford to hire a professional to deal with this for you. An ethical provider should provide a free consultation to confirm there is malware before taking on the project, so if there isn’t any malware, it shouldn’t cost you anything if you go that route.
Any chance you’re using a sketchy ad provider such as Adsterra? They’re known to secretly push ads to visitors that redirect.
It could easily be something on the reader’s end.
Just to rule things out on your end – do you have any ads on your site? I had a problem with malvertising a few years back and it was a giant pain to remedy since it was essentially AdSense approving bad ads. They would only trigger a sketchy redirect once per 24 hour period, so it took a while to both diagnose then fix.
I’d ask the reader what specific page they were on, then try loading it in as many different browsers & devices each day for a week or so just to rule this out.
Could be an attempt to get longer from you to “fix” the hack. Are you sure this is a legitimate user?