Earlier this week, I visited one of my WordPress blogs and to my surprise, I found that it was redirecting to a website with the URL of DoNotifyFriends[dot]info. I freaked out a bit and was just about to place a support ticket with my hosting provider (LiquidWeb) when I realized I could restore the website to an earlier version through my backup provider (CodeGuard). I was lucky that I hadn’t written any new posts or changed the site any in the past week, so I went ahead and restored the site to two days previous. That worked perfectly and I was a happy camper.
Just as luck would have it, I woke up two days later and the blog was hacked again. This time, the domain was forwarding to BeMyLittleTeddy[dot]info and Gearbest[dot]com. By this point, I was pretty angry and I wanted to find out what was going on. I sent in a ticket to the site host after restoring the website again to a few days previous. This was their reply:
Typically these happen from outed or insecure plugins. A few plugins recently have been getting hit hard. With a couple, even if uninstalled, they leave items behind in the database that still allow a back door to be opened. With the site not redirecting, there is little we can go on now as we would need to see the site hacked and redirecting to start to track anything down.
Totally understandable. I was hoping they could look in the log files and get an idea of what happened. That’s not likely to help much since I’m sure hackers use all sorts of IP addresses.
After this, I decided to install a security and firewall plugin on the website. After reading all sorts of reviews, I installed the WordFence plugin and am hoping this helps.
I’m wondering if anyone else has had their WordPress website or blog hacked so it redirects to some spammy sites. This is getting on my nerves.
I’ve been checking out some tech forums and have found the culprit! Lots of people are getting hit by this hack and it appears to be coming from an abandoned plugin. Sites with this old plugin installed are pointing to these spam domains. Everyone is looking for a solution.
The post I read that helped the most stated that the author disabled all of their plugins while the website was still redirecting. After they did this, the site was fine and it didn’t appear to be hacked anymore. Then, they began activating each plugin, one by one, in an effort to see which one was causing the redirect.
In their case, the malicious redirect was caused by the yuzo-related-post plugin, which, as I just discovered, I have installed on my site. I also discovered that this Yuzo Related Post plugin has been discontinued since March 30, 2019. I not only turned the plugin off, but I also uninstalled it. I hope this helps and I don’t get hacked again. I’m just concerned that, as my host stated, this plugin didn’t leave anything behind in the database that is keeping a back door open.
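A check for the concern raised above about rows left behind in the database, as an added example that is not part of the original post: it scans rows exported from the `wp_options` table for names tied to the removed plugin, script content, and the redirect domains named in the post. The `yuzo` name fragment, the function name and the sample rows are assumptions made for illustration.

```python
import re

# Redirect domains exactly as the post lists them, refanged for matching.
REDIRECT_DOMAINS = [d.replace("[dot]", ".").lower() for d in (
    "DoNotifyFriends[dot]info", "BeMyLittleTeddy[dot]info", "Gearbest[dot]com")]
# Assumption: leftover rows carry a fragment of the removed plugin's slug
# (yuzo-related-post) in option_name.
REMOVED_PLUGIN_FRAGMENTS = ("yuzo",)
# Script markup and common obfuscation helpers rarely belong in a settings value.
SCRIPT_MARKERS = re.compile(
    r"<script|String\.fromCharCode|eval\s*\(|document\.write", re.I)


def audit_options(rows):
    """rows: iterable of (option_name, option_value) pairs.
    Returns [(option_name, [reasons])] for rows that need a manual look."""
    findings = []
    for name, value in rows:
        reasons = []
        if any(f in name.lower() for f in REMOVED_PLUGIN_FRAGMENTS):
            reasons.append("left behind by removed plugin")
        if SCRIPT_MARKERS.search(value):
            reasons.append("script content in value")
        hits = [d for d in REDIRECT_DOMAINS if d in value.lower()]
        if hits:
            reasons.append("references " + ", ".join(hits))
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample rows (not data from the affected site).
SAMPLE_ROWS = [
    ("blogname", "My Blog"),
    ("yuzo_example_settings",
     "</style><script src=//" + REDIRECT_DOMAINS[1] + "/x.js></script>"),
    ("widget_text", "<p>Deals at " + REDIRECT_DOMAINS[2] + "</p>"),
]

if __name__ == "__main__":
    for name, reasons in audit_options(SAMPLE_ROWS):
        print(f"{name}: {'; '.join(reasons)}")
```

A hit is a prompt for manual review rather than proof of compromise, since legitimate widgets and analytics snippets can also store script tags in option values.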
Comment: Some months back I faced this issue and didn’t get a good response from my hosting provider (shared hosting). Just for security reasons, I have moved to WordPress hosting on the Cloudways managed platform. They offer security and 24/7 daily backup. Nothing has gone wrong so far.
Reply: I guess you’re going to get bottom shelf support when you go with shared hosting, although it really does depend on what options you have, even if you’re using a dedicated server. I use CodeGuard for backups and restored my website from an earlier version of it and I’m lucky I had that version. I suppose I could have waited to learn which file was targeted and simply removed that one. The news came out with that information in just a few days. In the meantime though, my site would have been redirecting to some strange places.
What’s the moral of the story? Stay away from shady WordPress plugins that are no longer being developed and always have backups of your websites.
Comment: I had the same issue a year back when I was hosted on a shared server. It happens due to sharing the same server with multiple websites. Then I found a developer who got the data back and restored my website. Then I moved to managed hosting for WordPress by Cloudways; their platform is fully secured by a firewall, and they keep daily backups and run security checks for websites.
Reply: Even though you’re obviously a shill for Cloudways, I’ll bite and add my two cents. I think many WordPress hosting environments offer a firewall to cover their network from things like this. I operate on a dedicated server environment though, so I’m not sure that would apply. Also, my current server offers a firewall that’s running all the time. This particular hack circumvented that firewall and the perpetrator snuck right through. The definitions for the firewall weren’t there to block this particular attack.
I have recently installed WordFence as a plugin for my WordPress installs and it seems to be doing a good job. This plugin actually protects the entire domain, not just the directory in which WordPress is installed. It’s also free, which is nice. They do offer a paid “pro” plan though.