Ultimate Website Security Tools

Scan your website for Malware
How to remove malicious redirect from a website database

Your website redirects you to a malicious or fraud resource? And automatic tools can’t fix that? Well, it looks you need to check website database tables.

This is the short guide about how to remove malicious redirect from WordPress website database. Manually. And first, please, make a backup for your website database 🙂 So, lets start!

1. Check siteurl & home values of wp_options table (wp_ – table prefix may be different). You can use phpMyAdmin (if it installed on your server) or Adminer.
malicious reditect in wordpress database

2. Check wp_posts table. If a malicious script exists – use the SQL command:
Find malicious URL in website database
It removes all malicious scripts from the entire wp_posts table.

3. Then, we recommend you to use search and check tables for malicious URL again:


Recheck website database for malicious redirect

4. And on top of that, search and check all scripts in your database:


Check malicious scripts in WordPress database

5. After database cleanup, we recommend you to change passwords for all administrators and also remove the administrators generated by malware.

This guide prepared by Andrew Kutuzov / Virusdie senior security expert.

Join our private Facebook group to get help from other security experts, and share your own web security experiences and expertise. Group members receive exclusive news and offers. They can also communicate directly with the Virusdie team. Join us on Facebook.