This will a little off-topic for my website as my website is about SEO but I’m sharing “fix hacked WordPress site” article. But I want to explain to you that the hacked site has a huge impact on ranking.

My Hacked Site Case Study

A few months back one of my sites was drastically improving its ranking in Google you can see in the image below.

hacked wordpress site

And suddenly it was dropping it SE ranking.

I was confused and terrified. I thought maybe the competition getting difficult and I started making backlinks.

But still I didn’t see any outcome.

After few months later I received a message from Google webmaster saying:

we’re removing your site from search engine unless you fix it because we want to protect our user from such malicious visit.

Google webmaster has given me a lead of hacked URL injection that the hacker has injected into my WordPress site.

My wordpress site redirects to another site which was so annoying and spammy .

By the way thanks to Google for informing me and see how I fixed it.

WordPress Hacked Redirect, how I detected and cleaned it

I logged in to my server and chose the infected site from the file manager.

hacked redirects

As you can see a file name “cdtjj20p.php” has been injected by a hacker because I haven’t uploaded it and if we open the file we get spammy code like this.

hacked redirects wordpress

This types of files were everywhere on my site for example header, footer, and .htaccess file.

It was difficult for me to find these types of files and then I just a found a plugin named Wordfence.

So now let’s remove this malware and hacked files from the site.

How You Can Remove Malware From Your WordPress Site


1: Install the plugin name Wordfence on your WordPress site.

scan hacked injections

2: Click scan under Wordfence>>Scan and the scanning process will take 2-3 minutes depends on your website size.

3: After that, you’ll see all the hacked and edited files which were injected by the hacker.

4: The final step is just delete and repair those files by clicking.

delete hacked files

All the hacked and redirected injection will be removed I guarantee you.

Final Though,

The WordPress is an opensource so that anyone can access your files. It’s recommended to check your site and scan it weekly by Wordfence.

And also improve your site password strength, hide your wp-login URL, and enable the option Bruteforce blocker from Wordfence.

So don’t underestimate hackers, always be ready for them or else your brand will be nowhere.

Leave a Reply

Your email address will not be published. Required fields are marked *