I'm in better spirits than this morning, but I still haven't resolved my problems. I have read and read today, followed links, etc... I still can't find where this is happening so I am reaching out for suggestions. Thanks!
I will preface what I know with admitting what I didn't do. I had several out of date plugins, a slightly out of date WP version, and a out of date theme.
I will also mention something really weird. The website that this hack redirects to has a domain I used to own on the same subject as a referral. Related? Not sure. I did go into the SQL DB and changed all stray references to that site (my old domain) to the current domain. The site in question is not the same site that I hosted on that domain, but I am using the same theme and some of the old content.
This site has been chugging along smoothly for 6 months.
This morning, I got an email and when I checked it out, I saw the same thing. What is happening is random pages, single posts, search, etc are loading up and a second later, redirecting to a p0rn site.
I have done the follow so far but I am on a laptop with a slow connection so I can't really dig in until I get home in a few hours.
- I have done a search in the SQL DB for the domain that it's redirecting to as well as my old domain. Didn't really find anything other than mentions of my old domain. I also searched for some things mention in some really helpful posts I read here earlier today. No luck.
- I disabled all plugins, nothing.
- I updated timthumb, still hacked.
- I then changed theme to one of WordPress' default themes and I not getting redirects now. Good News! :) That said, I assumed the theme I am using has been hacked and I went through every file that I can access via wp-admin (in the edit theme area) and didn't see anything out of the ordinary.
- I decided to download an updated version of the theme and move to it and redo all the custimization I had done later. I put the new theme in a new directory and treated it as a new theme with all new files. I activated it and got the same thing. It wasn't a file apparently.
Maybe there is something that this particular theme calls from the SQL DB that is in common between the old and new versions of this theme?
The website that I am being redirected to is: searchremagnified(dot)com
Does anyone have any suggestions?