Title: artcared's Replies | WordPress.org --- # artcared [ ](https://wordpress.org/support/users/artcared/) * [Profile](https://wordpress.org/support/users/artcared/) * [Topics Started](https://wordpress.org/support/users/artcared/topics/) * [Replies Created](https://wordpress.org/support/users/artcared/replies/) * [Reviews Written](https://wordpress.org/support/users/artcared/reviews/) * [Topics Replied To](https://wordpress.org/support/users/artcared/replied-to/) * [Engagements](https://wordpress.org/support/users/artcared/engagements/) * [Favorites](https://wordpress.org/support/users/artcared/favorites/) Search replies: ## Forum Replies Created Viewing 3 replies - 1 through 3 (of 3 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Site hacked despite Wordfence](https://wordpress.org/support/topic/site-hacked-despite-wordfence/) * [artcared](https://wordpress.org/support/users/artcared/) * (@artcared) * [7 years, 5 months ago](https://wordpress.org/support/topic/site-hacked-despite-wordfence/page/2/#post-10966452) * Hi levelocipediste, * The redirect can probably fixed by editing the first line of wp_options in the database. After fixing this and updating the gdpr plugin I had no further redirects, so it seems no other fixes are necessary. See also my contribution further above. Hope it helps! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Site hacked despite Wordfence](https://wordpress.org/support/topic/site-hacked-despite-wordfence/) * [artcared](https://wordpress.org/support/users/artcared/) * (@artcared) * [7 years, 5 months ago](https://wordpress.org/support/topic/site-hacked-despite-wordfence/#post-10930179) * thanks, wfsa. it is helpful to know GDPR vulnerability is the likely cause. Resetting the siteurl in wp_options and updating GDPR makes the site accessible again and hopefully protected against further attacks from that sort. I am still concerned there may be some malicious code left somewhere. I am scanning with the nintech scanner and do not have the results yet, but if you have any information what else should be done to make the site safe again would be appreciated. One further information: I found forwardmytraffic.com in the re-directed url and in the log report, so I am pretty sure this is the main hack. However, after restoring the url and before knowing about the gdpr vulnerability I got a second re-direct which was to blueeyeswebsite.com. I think it might be a good idea to put that on the blacklist too. Thanks again * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] Site hacked despite Wordfence](https://wordpress.org/support/topic/site-hacked-despite-wordfence/) * [artcared](https://wordpress.org/support/users/artcared/) * (@artcared) * [7 years, 5 months ago](https://wordpress.org/support/topic/site-hacked-despite-wordfence/#post-10929908) * I had a similar issue two days ago and was also not able to log in because that was redirected too. I am really not knowladgeable about anything wordpress etc, but I found the following: * the database had a redirect in the first line in wp-options. I restored the siteurl as it should be, and the issue was gone. No idea at that time how the entry got there. * One day later I had the same issue again, albeit to a different url. changed that again, and it works, but curretly trying to dig a bit deeper into the cause. I found a post from nintech: [https://blog.nintechnet.com/critical-vulnerability-in-wp-gdpr-compliance-plugin-massively-exploited/](https://blog.nintechnet.com/critical-vulnerability-in-wp-gdpr-compliance-plugin-massively-exploited/) I have this gdpr plugin installed (thanks to the EU!) and updated this now. It seems the hackers got in right from there. I updated the gdpr plugin, and I am currently running the nintech scanner to see whether there is some remaining infective code in my wordpress installation. hope it helps! Viewing 3 replies - 1 through 3 (of 3 total)