This is not a common redirect, or a guide on how to redirect your WordPress site to another. But if you are planning to do so, go to the menubar on the left, click Settings > General and key in the site you going to redirect to in the Site Address (URL) field. If that didn’t work, or your site were hijacked from WordPress backend, just login to cPanel and redirect to other site and clean up your File Manager.

One of my site were consistently redirected to a crypto site, apparently based in Middle East. It has been like that for three weeks, and I couldn’t block some time to deal with it. The traffic drops with a massive margin, so on the second week, I logged in to cPanel and redirect the site to another. That would cause my loss in Google ranking. Another weeks passed as I was busy with work commitment and final exam.

So, today I spend about half a day trying to figure what is the problem.

Solving problem

First, I looked into File Manager in cPanel and identify folders or files that considered foreign and/or obsolete. Over the time, i installed and uninstalled some plugins, so many of the files generated by those plugins left rotten in my site. I had to download fresh WordPress and opened in local server to compare and identify foreign files. But this took me around an hour to dealt with, and honestly, I thought it was a waste of time.

Second, i logged in to WordPress, and do the usual; update theme, update plugin, delete unused plugin, delete unused theme. I looked into Comment section to see if there’s any sign. Finally, i looked into User list. In the past, I had some issue with my site, and it was because some people registered as user in my website, and able to make himself Admin. Obviously, my site password no longer safe. So, I reset the WordPress login password, cPanel password and install WP Bulk Delete plugin. Anyway, i reckoned there was about 4,000 users of my website, mostly with email based in Europe. So the plugin able to delete all of them in one click, but the more you tried to delete, the longer it took to complete. But it gets the job done.

Now, with the site password reset, and all user deleted, leaving only Admin user access, I suppose i can start looking for the malware. I went to cPanel again to look in the File Manager, combing hundreds of files, looking for any sign (example, search the redirect site url “ushortdev” in any files), but couldn’t find any. Before long, I realised I’d spent about an hour doing this. Surely there’s more effective way to do this.

The issue is the website redirects to that crypto site every time I go tried going to the main page. Somehow something clicks, there must be something on the main page that automatically reroute the traffic. Few Google search later, I found WhereGoes, that help to identify what cause the reroute. I just typed in my site url, and WhereGoes processed and showed the Java script of the main page. It was long, so I copy pasted the codes to Note app and looked for any indicator or trace of ushortdev url. Apparently, it’s there on the main page.

To confirm, I went back to WordPress, and clicked the Template page. I found the code sitting there in HTML widget, placed on my site body and footer. I simple action of deleting the widget solved the problem.

Lesson learned.

Constantly housekeep your file and website element, and change password monthly, if your website traffic is high.