REDIRECT MALWARE · WORDPRESS · REMOVED
WordPress redirect malware removal.
Manual removal of the redirect. I find how it got in, close it, and write you a report. Flat $279.
MECHANISM
A hijacked redirect is hard to see and easy to lose money to.
The attacker plants code in your site that sends visitors to a different website. Sometimes it's a scam, sometimes affiliate spam, sometimes worse. It usually only fires for certain visitors — mobile users, people clicking from Google, first-time IPs — which is why the site owner often doesn't see it themselves.
It can live in a PHP file, in the database, or in the server's rewrite rules. I check all three. I remove it, find out how it got in, and close that door before I hand the site back.
01 SELECT option_name, option_value 02 FROM wp_options 03 WHERE option_name IN ('siteurl', 'home'); 04 05 // If either points anywhere other than your domain, 06 // the redirect has already overwritten core URLs.
What I remove
Three places. I check all three.
-
TRIAGE
I reproduce the redirect with the same User-Agent and referrer that triggers it — no guessing.
-
FILES
PHP loaders in theme, mu-plugins, and wp-includes — removed by diff against a clean WordPress.
-
DATABASE
wp_options.siteurl restored; injected scripts pulled out of wp_posts; autoloaded payloads purged.
-
REWRITE RULES
Malicious .htaccess directives stripped; protective rules added.
-
GOOGLE
Reconsideration filed with Safe Browsing; affected URLs re-indexed via Search Console.
-
REPORT
Plain-English forensic write-up, entry vector identified, what to change before I hand back the keys.
Pricing
Cleanup
$279
flat, one-time, per site
Manual cleanup, entry-vector identification, written forensic report.
Start a cleanupMonitoring
$29 / mo
per site, cancel any time
Continuous monitoring, hardening, one cleanup per year included.
Get protectedPart of threatover's broader security practice. Penetration testing, bug bounty consulting, triage, and security advisory.
See all services →Email [email protected] or use the contact form.