404 Redirects to Spam
WordPress is the most popular CMS in the world, but its popularity is also it's biggest weakness. Hackers will use any trick they can to hack a WordPress site. If you're noticing your 404 page on your site is redirecting to a spam site, there's a simple fix.
WordPress is the most popular CMS in the world, but its popularity is also it’s biggest weakness. Hackers will use any trick they can to hack a WordPress site. If you’re noticing your 404 page on your site is redirecting to a spam site, there’s a simple fix.
We first came across this issue on the WordPress support pages, but until it happened to us, we thought it was an isolated incident. It wasn’t.
1. Scan the Site
Before you go any further, it’s a good idea to scan your site with a free tool like Sucuri’s site scanner. That should tell you if you’ve got a bigger problem on your hands. If it comes back clean, but your 404 Page Not Found page is still redirecting somewhere it shouldn’t, proceed to the next step.
2. Fire Up FileZilla
Fire up your favorite FTP client. Our favorite is FileZilla, but any FTP client will do.
View in the remote site your /wp-content/plugins/ directory and look to see if you can find a plugin folder called /wpppm/.
If it’s there, delete it. That’s the hack.
Go to a page on your website that you know doesn’t exist and you should see your 404 page (as normal).
You’re all done!
3. Change the Locks
As with any security breach, it’s a good idea to start changing the locks. In this case, change all your WordPress admin passwords (to something strong) as well as your FTP password.
Justin Downey
Justin Downey is Founder and President of JDM Digital. He's a closet nerd, loves craft beer, and is a poor (but improving) golfer.
Get the Email
Join 1000+ other subscribers. Only 1 digest email per month. We'll never share your address. Unsubscribe anytime. It won't hurt our feelings (much).