It’s recently become evident to me that the hackers are starting to look at plugin code to try and compromise your wordpress installation. One possible hack is with the wordpress redirect plugin.

I’ve been corresponding to a fellow wp’er, and some of his wordpress installations have started to ‘redirect’ to pages outside of his site, instead of pages and posts within his site.

It immediately sounded like a redirect problem, so out of speculation, I suggested that he take a look at his redirect plugin. Sure enough, seems that part of the hacking that occurred on his site centers around manipulation of the redirect plugin.

I don’t yet know that full scope of this, but I do know that there may be an easy fix for this issue. If you go into your admin panel and look for the ‘redirection’ under ‘Tools’,

imageSelect this, and you will be presented with this page, here select under ‘Redirections for group’, ‘options’:

imageOnce you select, Options, you’ll go down the page and near the bottom you’ll see the following:

imageClick on the ‘Delete’. Be forewarned that you keep a record of any static redirects you’ve entered into the redirect module. It will remove all of these too! You’ll have to re-enter any manual redirects that you’ve created after deleting all links.

Now, you will be asked to confirm the deletion and after the redirect plugin will be cleaned and disabled. You will need to re-enable the plugin after.

I’m pretty sure that this will rectify the wordpress redirect hack but I still need to confirm this information.

If you encounter this problem and have more info, please comment below!  

Filed under: secure wordpress

Like this post? Subscribe to my RSS feed and get loads more!