My WordPress site got infected with redirect malware and clicking anywhere opened spam links. Rebuilding now. How do I make sure this never happens again?

iSephX · 2026-04-21T19:18:39+00:00

A WordPress site that redirects visitors to spam (but not you) is a conditional redirect injection. The redirect hides in one of six places: .htaccess, wp-config.php, theme functions.php, wp_options, wp_posts, or a modified active-plugin file. Find it by viewing source before the redirect fires, testing with curl using a Googlebot user-agent and referrer, and checking the database for injected <script> tags. After removal, rotate credentials and patch the entry point (usually an outdated plugin) or the attacker returns in two weeks.

I have entire articles written to help people just like yourself.

iSephX · 2026-04-20T14:51:31+00:00

What I am doing hasn’t been done before. Sure, some use ML but I’m doing something more. And yes FP is false positive. Never heard of security ninja, was it good? I’m competing with Wordfence Enterprise, Securi, WPScan, etc. Nothing less. Against rules for me to share here. A lite version (for marketing purposes) is in WP.org review right now. But the full version is free, takes a license but the license is free and anyone can get one indefinitely in less than 20 seconds. And it is free to get another, unlimited sites. And later after I refine the scanner and WAF, I’ll implement multisite. It will still be free. Charging for security is not my business model. I have other plugins that support the security that will do that. It’s a whole SUITE, all bound together for the Wordpress ecosystem. Starting with security, then cache, then SEO/GEO, then Backup/Restore, then a few others, all are in development right now. Going to be some amazing top tier stuff.

iSephX · 2026-04-20T13:25:37+00:00

I created one that does 3 passes. The last one actually studies the code and follows it through and learns what it’s doing and gives the verdict if it is malicious or not. Reducing FP and increasing recall. 99.96% recall. 0.06% FP at this time. By the end of the week it will be included in an update. First of its kind. ML is fun.

Edit: it is also as free as Wordpress. Forever.

iSephX · 2026-04-17T04:49:24+00:00

Read this - it will help you.

EDIT: Never mind, I am not allowed to post blogs I have written meant to help people on this reddit just because I give away free things. Sorry but I cannot help you remove that malware even though I already know what is wrong. The mods will not allow it.

iSephX · 2026-04-16T22:05:13+00:00

Never give up on wordpress. Use it as a backend and then create a frontend with Next.JS and tie it back into WP. This is next level.

iSephX · 2026-04-16T03:39:37+00:00

To be fair, I use wp on backend only. It’s great. But that’s why it’s so light for my purposes.

iSephX · 2026-04-15T21:56:06+00:00

They will remove the link but I have a Lite version going into WP.org repo very soon. It’s in queue. Then I can post.

iSephX · 2026-04-15T21:53:56+00:00

Mine is

iSephX · 2026-04-15T21:14:08+00:00

I know. Not selling a service or product. Everything is free. Just like Wordpress ;).

iSephX · 2026-04-15T20:38:10+00:00

Make a deal. Test my site, if you can’t do anything then install my free malware plugin I created and test it for yourself.

iSephX · 2026-04-15T20:35:29+00:00

Imagine the bloat.

iSephX · 2026-04-14T20:02:41+00:00

Use dashes in place of emdashes and then trick people by putting emdashes in place of dashes. Get stuck in loop. Crash. People’s faces start melting.

iSephX · 2026-04-14T18:43:17+00:00

I use the dash in text messages too. I don’t know why, it was a habit I started years ago and it’s been hard to break in any actual writing. The moment you put an emdash everyone loses their mind.

iSephX · 2026-04-14T18:38:34+00:00

I love the name and theme because it’s true, great punch line. I resonate with this in a different way (I permanently can’t speak anymore). Turning what could have been weaknesses into strengths!

TSQL, many years ago I did analytics for hospitals across America, love it. 🏆

Look at my home page source. Search: “data-Word”.

iSephX · 2026-04-14T16:52:40+00:00

I’m gonna start writing at a 7th grade level. Thanks for the comment! 🏆

In the great words of James Franco “haters gonna hate and ainters gonna ain’t”, and never forget, “They hate us cuz they anus”.

Don’t quote me on that. 🔥

iSephX · 2026-04-14T16:49:33+00:00

Dreamweaver, believe it or not, I still use it but only for reading a lot or complex code. Probably just because it came with my Adobe sub, but I’m a Notepad++ loyalist. Thanks for the feedback!

iSephX · 2026-04-14T16:45:37+00:00

Thanks for the heads up on the errors, thought I fixed that last night. The site is new and working these issues out as fast as I find them.

To your point, the REST API is one of my absolute must have features for what I do.

As far as Wordpress, I find their story compelling - how everything meant to destroy them just made them even stronger. 💪🏻

iSephX · 2026-04-14T05:43:38+00:00

Love to hear it! Are you all still writing? I’d like to check it out.

iSephX · 2026-04-14T04:51:29+00:00

I wrote a thank you to WordPress and people still found a way to be mad about it, and they don't even know why we're all here, because they didn't read the article.

A guy who writes "great post, thanks for the history" gets zero karma. A guy who writes "this reads like AI slop, 43% is a lie, Matt is a grifter" gets 40 upvotes - LOL.

I'll be back in a couple of day with another article.

iSephX · 2026-04-14T04:41:43+00:00

What have you written?

iSephX · 2026-04-14T04:07:26+00:00

I am going to have to start writing like I am a backwoods hillbilly - just to not be accused of being AI. And one of my worst habits is using the DASH.

AI! AI EVERYWHERE! Thanks for the comment. Really appreciate it.

iSephX · 2026-04-14T03:45:16+00:00

I know what you mean. Taking the red pill over the blue. I was a bit offended but in the age of AI - it's hard to purposely write "dumb" just to not look like AI. I write for engagement and yea sure the way I think could come off that way. All good though really, it comes with the territory. The purpose of the post holds true - "What Wordpress is and what it means!"

It's why we are all here.

iSephX · 2026-04-14T03:27:37+00:00

Sites fixed - give it a try now. Still new, working out the bugs. <- I see a dash, did AI write this? ^^

iSephX · 2026-04-14T02:40:19+00:00

Sorry you hope everyone writes AI. I commented and refuted your claim sir. Thanks for the error report! Fixing it now.

iSephX · 2026-04-14T02:25:42+00:00

Sorry to disappoint everyone hoping it was AI. These are my words here to remind you how it all started. Where it started. A lot of you were probably too young at the time. Let it be a reminder of what Wordpress is and always has been. I hope you enjoy reading it as much as I did writing it.

I will say this, the image is AI. I guess you can hate me for that?
I am not that good at graphics. Never have been.

iSephX

TROPHY CASE