[ad_1]
Any idea where I can look to find the source of this re-direct? Or if there are any free plugins that can show me where it’s coming from? Should I check somewhere in the database?
When I type the URL in the browser, or click the URL in the Google search it redirects me to a spam website.
[ad_2]
Your website has been hacked, you can try installing Wordfence free version as a first step
Doesn’t matter where it’s coming from, your site has been comprised, likely because of outdated or nulled plugins. As u/mangandini said, install Wordfence and run a scan.
What you have is an extremely common form of PHP malware that targets WordPress sites. Some variants hide themselves to make it harder for the site admin to notice, but it sounds like you got one that’s a bit easier to see.
The general solution is to:
1. Identify and get rid of the malware, either by restoring your last good backup or using a tool like WordFence.
2. Patch whatever vulnerability allowed the malware to get in. In the vast majority of cases, WordPress hacks come in through an outdated or no-longer-updated WordPress plugin. Go through your plugins and update them all, set them to auto-update, and replace/remove any that haven’t been updated by the developer in the past year. Also, try to minimize the number of plugins you have in general for security and performance reasons.
3. Remove any suspicious users (especially admins and editors) and make everyone change their password.
4. Use a combination of WordFence, Cloudflare, and whatever your host offers like ModSecurity to help ward off automated attacks.
Can you get into the site, or is admin redirected to? If you can’t get in to run tools like wordfence, like others mentioned, delete your .htaccess file. I’ve seen a lot of less-than-sophisticated takeovers of the htaccess file causing a blanket redirect. WP will attempt to create a new one if it’s missing, and it’ll let you in long enough to install some security tools…assuming thats the issue of course, it *could* be a lot of different things.