This one needs manual intervention and some… “skills”. Before you read further and try to solve this one, you’ll need to establish that this is in fact the type that I’m covering in this article. If it’s a file infection then malCure Malware Removal & Firewall should be able to scan and indicate the problem file.
If you open the web-page, it will redirect in no time. You can’t really trust browser’s built-in Developer Tools because the inspector can’t really tell what kind of redirect it is.
The idea is to inspect the source-code of the WordPress page. For that you’ll have to view the source-code without actually visiting the URL.
Type the URL in the following format into the browser’s address-bar:
After fixing so many websites, here’s an example I remember:
The clean up routine consists of:
- Replacing it (with nothing).
- Verifying the redirect is gone.
- Identifying the root-cause
Prior to replacing anything take a full backup of your website.
For the replacement part I trust a good code editor like VS Code. Export the database as an sql file, open in VS Code, do a find and replace and save the file.
In phpMyAdmin you’ll need to drop all the tables in the infected database and import the cleaned up file. If all went well, your site will be back. Voila!
The most common cause of this infection is misuse of the “Database Search and Replace Script” or any other script that has write access to the database. These scripts must be positively removed after use and the website properly secured.
That said, you really need to look elsewhere too and see if there’s anything else leftover and / or has access to the database. And seek a hand from a professional.