For developers, here is how you remove the malicious code that causes this redirect.
So basically what you want to search for in your code is the ‘str_replace(‘ function. It will be obvious in your search which files are infected, as there are several hundred encrypted characters side by side in your file.
Check out the attached screenshot. What made this tricky is the beginning of the code starts with <?php , but then has about 1000 blank spaces before the malicious code starts (sneaky bastards). What also made this tricky is the timestamp on the files shows up as unchanged, so they do not look suspect just by viewing them via ftp. It seemed to infect all of my files named index.php, header.php, and functions.php. As well as some various other files. The code is isolated to the very first line of code in all the files.
Hope someone else may find this helpful.
Hi Everyone,
How are things??…
@noslenwerd, I have a very similar issues in a few wp site, how you clean yours site?… just deleting the code at top? What you done with the “…” file..
@rngdmstr I have check the .htaccess file all looks ok, but still a redirect in devices 🙁
I have use wordfence to found the infected files, but sometime it not found all….
Any ideas?
All the best,
@robnilas: As explained previously, if you require assistance then, as per the Forum Welcome, please post your own topic instead of tagging onto someone else’s topic.
I am now closing this month old, resolved, topic.