One of the most common hacks on WordPress that have not been maintained correctly is that of redirects to other sites.
A few days ago I got a WordPress 3.4.x (we currently have version’s 5.3.x) that, obviously, was completely outdated, both the core and plugins. The theme was tailor-made. It also had PHP 5.6.x.
How to correct this problem?
To begin with, I have to say that this correction that I propose is very radical, so the site may stop working, and important changes have to be made, but the objective is that everything ends up to date.
Another important thing is that you should have a backup of the entire site and database.
Finally, it will be necessary to have SSH access to the server where the site is and have WP-CLI to facilitate the tasks. It can be done more manually, but with WP-CLI the whole process is facilitated.
The first thing to do is to update everything. Beastly, yes. To do this we will update the core, plugins, themes and translations.
To begin with, we will execute several commands. We will update and own WP-CLI, and then the kernel and the rest of the elements.
wp cli update wp core update --force wp core update-db wp plugin update --all wp theme update --all wp language core update wp language plugin update --all wp language theme update --all
With this, we will have everything up to date and a good chance that something will not work.
The next thing we will try to do is enter the WP-Admin from the address like this:
If when entering we have redirection problems, we will make a first review of the WP-Config file. My recommendation is to apply a somewhat aggressive version based on the file generated by default WP-Config. Above all, it is important to configure the Site URL and Core files URL with the correct URL to avoid those redirects.
With this we should be able to access the WordPress management panel itself, although surely if we enter the main page we will still have the redirects.
<script> so we will focus on these not loading.
To do this, what we will do is replace the scripts with something that we can execute. How? Well, substituting
<scr1pt, for example. For this we will use a replacement system of the WP-CLI itself.
wp search-replace '<script' '<scr1pt'
With this, we will prevent the scripts that have been included within the entries from being loaded.
In general, with these steps, we will have one place a day and with the possibility of having everything up to date. While it is true, that this last step would be enough to fix the problem, the focus of the update comes because surely the system has security holes and, promptly correcting the scripts, would be of no use since soon it will be vulnerable again.
This problem is one of the many that you can find if you do not do maintenance of your site but, obviously, each case can be different, so before acting, check that really the problem you have is similar to the one I mention.
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.