How to Fix WordPress hacked URL injection
You opened your website on a new day and found a lot of URL popping up from your website. This is often referred to as a spam attack. Out of nowhere, you will see that many new websites are being opened on your WordPress website. On some websites, it will also redirect the website to some other website.
This is what an attack looks like. Now, some people will think, it’s an attack that has happened. However, it is surely not so. This could be because of a malicious code or it could also be an attack. In simpler words, there are various possibilities for it and we shouldn’t just assume one.
We will start with the overview of the attack and then we will move on to how to fix the issue.
Overview of URL Injection
WordPress URL injection is where your website gets flooded with a ton of URLs.
There are many ways URL injection happens. Some people also refer to it as spam injection or malware injection.
This is the place where you will see many unusual URL. Some of the websites are adult websites which is a big issue.
There are various ways this attack takes place. It could be redirecting your entire website or it could be adding popups on your website. Last but not the least, one of the popular commonly seen things is where the content gets flooded with a lot of spam links. Usually, these are for backlink purposes.
If you have used any of the plugins or themes from an unknown source or you are using any nulled plugins or themes then you will see this error. That’s the reason, we always suggest you get a license version or use a free version instead of cracking it.
Enough being said, let’s get into the main topic of how to fix it.
Make sure you have a backup of your current website.
Remove the Plugins/Themes
The first thing that you need to do is remove the plugins or themes which you have downloaded from an unknown source. Most of the plugins are directly available in the WordPress directory, CodeCanyon or you can find the plugin on the official website.
If you sense that the plugin or theme is from an unknown source, you should remove it. Not deactivate it, just remove the plugin. You can hit the delete button and purchase the paid one instead.
It will surely NOT remove the malware or the virus. However, it will prevent the code from adding new ones.
So, once you remove the plugin or the theme, we can continue with other possible solutions that you can go with. Don’t worry, your problem will be solved if you follow all the steps.
Scanning the Website
Your first goal is to find the files that are affected by the virus. Using a cloud firewall or antivirus won’t be much use here. Instead, you need to find a malware scanner that works directly on your WordPress website.
There are two most popular tools that you can use.
- CPanel virus scanner (free but does the work)
- WordFence (free and a premium version is also available).
You will find the cPanel virus scanner inside the cPanel. There is an option of a virus scanner. You can run the virus scanner. Make sure you run it in the entire home directory and not only on the website’s directory. There will be an option to run it everywhere. Click on it and let it do the work.
If you have any premium addon provided by your hosting service, you can also use it.
For Wordfence, you will have to install the plugin from the official plugin directory. Install and it and do a scan. Once the scan is completed, you can see the list of all the files that are detected.
Please note that it will take some time to run the complete scan. Don’t run both of these scans together. You can do it one by one. You can go in any order you want. Just make sure you let the first scan complete. Only then, you should start the second one.
Thereafter, you will see a complete list of files that have viruses or malware. There will be an option to fix or quarantine it. Just click on it and let the scanner do its work.
The virus scanner will surely remove most of the files. However, it is recommended to run a theme check also. For that, you can use a plugin called TAC (Theme Authenticity Checker). What this tool does is it will check all the files of the theme and will tell you if the theme is broken or using a malicious file.
This works the best when you have installed a new theme and you start seeing the useless URL. You can run TAC to see the affected files in the theme.
Fixing the Files
In most cases, the virus scanner will fix all the files. However, it’s always a better idea to do a manual scan along with the virus scanner.
Don’t worry, we won’t check all the files here.
Instead, what we will do is we will recheck the scanned files. You can keep a list of all the files you found by the virus scanner, Wordfence, and TAC. Once you have the list, we will simply replace all the files with the original file.
How to do that? It’s simple.
If it’s a plugin/theme, you can download the zip from the WordPress directory or the official website of the plugin. Extract it and find the file that has malicious code. Upload that particular file to the file manager and replace it with the affected file. You can run the scan again to be sure.
In the same way, if it’s a core file of WordPress, you will have to download WordPress from the official website. Download the zip and follow the same procedure as we did above.
The next thing you can do is check the files manually. To check the files manually, you can open all the affected files one by one. Look for the encrypted code. Even if you don’t know to code, you can easily identify it. They are just a bunch of huge words which doesn’t make sense. That’ the encrypted code. Delete that code and save the file.
Once you do both of these, your website will be clean. You can reload the website again to see if it is working properly or not.
Advanced Ways to fix URL Injection
If the above method doesn’t solve it, you can surely contact the hosting provider. See if they can help you out for free. If they ask for money, we don’t recommend you to give them.
Instead, what you can do is get a premium WordPress plugin. We suggest you go with Wordfence, you can go with any plugin you want.
Even if the premium plugin doesn’t do your work, you can get a security service that can be helpful. The security experts can surely fix your website in no time. So, you can also go with that option.
Post Clean-up Steps
So, you cleaned your website and now there are no more URLs, your job is over? Of course, not. There is one more step that you will have to take (actually two).
You will have to update all your plugins, themes, and the WordPress version. Sometimes, the security issue might be due to the update.
The main step is to inform Google about the changes. If your website had a lot of spammy content. Probably, Google noticed it too. Therefore, to prevent your website from getting penalized, you will have to inform them about the error.
To do that, you can open your search console and ask Google to reindex all the pages. It’s always a good idea to perform a URL inspection of your website to make sure that the website is running smoothly.
Once everything is alright, you can also inform your followers about the mistake. This only applies if it was big enough. If your website had the same error for like a month, probably many users faced that issue. Therefore, it’s good to clarify and tell them that the error is now fixed.
Lastly, you can have a cup of coffee and do the regular scans with the Wordfence plugin. This will protect your website from getting hacked. Remember, never use any nulled or cracked tools on your website.
To conclude, these are some of the things that you can follow if you are seeing a lot of URLs or links on your website. Following all these things will surely solve the issue in no time. Your error will be gone by the first method only. The last few methods are only given to make sure that your website is secure and you will not face any issues in the future. If your website has a lot of visitors, you can get a premium version of the security plugin or WordPress maintenance service.
How to Clean a Hacked WordPress Website using WP AOS?
WP AOS provides a risk-free WordPress malware removal service. 30 day money back guarantee, the most complete WordPress security plugin called iThemes Security Pro (worth $199 / year) + advanced security setup, and repeated hack protection for up to 1 year is included in the WordPress cleanup service. All of this has an industry best pricing – starting from
€ 222 / fixed website.
We value your time and thank you for reading our blog. So, we would like to show our appreciation by giving you an additional 10% discount on our malware removal service. Use coupon code WPAOSBLOG10 at the checkout.
WordPress Hacked? Malware Removal Service
Get your WordPress website fixed today.