Plugin Support
oiler
(@eulerarthur)
Hey there,
Thanks for reaching out!
What you’re seeing doesn’t match how PrettyLinks normally behaves: redirects are meant to run on your own domain, so if clicks are ending up on ushort.com instead of your site, something outside the plugin is likely rewriting or intercepting the URL. That can sometimes be a compromised site, but it can also come from email link tracking, a security filter, or something else in the path between the click and your server.
The detail that pasting the URL into the address bar works while a click from email does not is especially useful, because it suggests the problem might not be only on the WordPress side. To narrow it down, could you send one specific Pretty Link that does this, plus where you’re clicking it from? It would help to know whether it only happens from email or also when the same link is clicked from a normal webpage.
In the meantime, running a deeper scan with something like Wordfence or Sucuri is still a reasonable step, and it’s worth checking common places where unwanted redirects get injected, such as .htaccess, wp-config.php, and the database, for anything that references that third-party domain. Once we have a concrete example and a bit more context on how the link is being opened, we can point you in a clearer direction.
Looking forward to your reply. Thanks!
All the best,
It actually changed within the plugin itself. See here: https://www.dropbox.com/scl/fi/o9ci077is71syl5r75er9/prettylink.png?rlkey=34uk6qip68vsb3zljk6kv968n&st=vwf2yeg7&dl=0
I may have found the hack using a deep scan with Wordfence. It looks like a rank-math xml was uploaded which has the ushort code in it.
Thank you!
Plugin Support
oiler
(@eulerarthur)
Hi there,
Glad to hear you sorted this out! I am closing here then, but please feel free to contact us anytime if you need assistance with our product.
Kind regards,
