This is extreme and may have unintended consequences but it tell you if this is the issue.
MAKE A BACKUP COPY of your .htaccess file and delete the server version. If this works, then you need to figure out what if anything needs to be salvaged from your .htaccess file.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Please remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
Thanks for the speedy reply. The .htaccess file I have access to is on the server… I don’t have a separate version. Would this make a difference then?
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
If the redirect is happening in that file then modifying the file will treat the symptoms but not solve the problem. Your site needs to be deloused and that link can help walk you through it.
https://codex.wordpress.org/FAQ_My_site_was_hacked
The .htaccess file is on the server. Before you do anything to it, make a backup. Copy it locally if you need to then delete the server copy. As Jan stated, this is simply a test to see if that’s where the hack has occurred. You will need to find out how it actually happened.
Thanks, Jan. I’m going through the document you provided.
It looks like I will have to redo the site. I don’t have a backup… I deleted the suspicious files but now getting a 404 error if clicking on site links via search engines.
don’t redo the site. At least download a fresh copy of wordpress and copy it back to your directory. Which, btw, if you see files in your infected installation that aren’t native to the fresh copy of WP, treat them as suspicious. For example, I found several files in my root like default.php, post.php, page.php, login.php that aren’t part of the core WP.
@agmissions
If fixing it yourself is not an option then I would consider weighing up the cost in time of rebuilding the site vs getting a hack repair specialist to take a look (Disclaimer. I’m not affiliated to nor carry out any such work). Check for quotes online or post a request on http://jobs.wordpress.net/
Hello.
Does anyone solved this? 5 days have passed since all my wordpress sites have been hacked, and I fixed it deleted the lines from .htaccess file. But after a few minutes or hours the .htaccess keeps getting hacked again. I changed all passwords. I really can’t figure it out.
Thanks.
Download the free plugin Eli’s Antimalware and ran a scan on your site(s). It is helped me find malacious code in some theme files.
I am also using this plugin and is happening the same with me, I found that everything starts by this site:
buceta.biz