How to remove website redirect quickly and secure your site

Security Team


Nothing is more alarming than discovering that your website is suddenly redirecting visitors to unknown or spammy pages. This issue not only damages user trust but can also severely impact your SEO rankings and business reputation. When it happens, you need to identify the cause quickly and remove the redirect before it leads to further damage.

The most effective way to remove a website redirect is to back up your data first, then scan for malware, clean infected files, fix server configurations, and finally update all security credentials. In this article, we will guide you step by step through these actions to help you remove the redirect and protect your website.


Step-by-step guide to remove website redirect

Step 1: Back up your website

Before making any changes, always create a full backup of your website. This step is critical because it allows you to restore your site if something goes wrong during the cleanup process.

You should back up:

  • All website files (e.g., public_html, wp-content)
  • Your database
  • Important configuration files such as .htaccess and wp-config.php

You can perform backups using:

  • Your hosting control panel (like cPanel or DirectAdmin)
  • Backup plugins (if you are using WordPress)
  • Manual methods (FTP download + database export via phpMyAdmin)

Removing malicious code may involve deleting or editing files. Without a backup, you risk losing important data or breaking your website.

Step 2: Scan and remove malware

Next, you need to determine whether your website is infected and locate the malicious code responsible for the redirects. You cannot fully remove the redirect until you have found it.

Use one or more of the following:

Look for:

  • Hidden JavaScript redirect code
  • PHP functions commonly used to obfuscate code, such as eval() and base64_decode()
  • Unknown files or recently modified files
  • External scripts loaded from suspicious domains

Once malware is detected:

  1. Remove or quarantine infected files
  2. Replace core system files with clean versions from official sources
  3. Record where the malicious code was found

Tip: Comparing your current files with a clean backup or original CMS files can help you quickly identify infected files.

Step 3: Clean infected files

After identifying infected files, you need to clean them carefully.

Common locations where redirect malware hides:

  • index.php
  • header.php/footer.php
  • functions.php
  • wp-config.php
  • Upload folders (e.g., /uploads/)

What you should do:

  • Remove any suspicious or obfuscated code
  • Delete unknown files that do not belong to your system
  • Replace important files with fresh copies from official sources

Example of suspicious code:

eval(base64_decode('...'));

This type of code is commonly used to hide malicious scripts.

Important: Do not delete files unless you are sure they are malicious. If unsure, compare them with the original versions before removing anything.
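The checks from Steps 2 and 3 can be run over a downloaded copy of the site with a short script. This is an added example, not code from the article; the function name, the reason labels and the 7-day "recent" window are assumptions chosen for illustration.

```python
import os
import re
import sys
import time

# Indicators listed in Steps 2-3. A hit is a lead for manual review, not a
# verdict: legitimate plugins also call eval() and base64_decode().
SUSPECT = {
    "eval": re.compile(rb"\beval\s*\("),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\("),
    "js-redirect": re.compile(
        rb"\blocation(?:\.href)?\s*=\s*['\"]https?://", re.I),
}
CODE_EXT = (".php", ".phtml", ".js", ".html", ".htm")
PHP_EXT = (".php", ".phtml")


def scan_tree(root, recent_days=7, now=None):
    """Return sorted (relative_path, reason) pairs for files worth reviewing."""
    now = time.time() if now is None else now
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if not lower.endswith(CODE_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Upload folders should hold media, not executable PHP.
            if "/uploads/" in "/" + rel and lower.endswith(PHP_EXT):
                findings.add((rel, "php-in-uploads"))
            if now - os.path.getmtime(path) < recent_days * 86400:
                findings.add((rel, "recently-modified"))
            with open(path, "rb") as fh:
                data = fh.read()
            for reason, pattern in SUSPECT.items():
                if pattern.search(data):
                    findings.add((rel, reason))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_site.py /path/to/site-copy
    for rel, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:18} {rel}")
```

Run it against the backup from Step 1 rather than the live server, and confirm each hit against a clean copy of the CMS before deleting anything.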

Step 4: Fix the .htaccess file

The .htaccess file controls how your server handles redirects and is a frequent target for attackers.

Open your .htaccess file and check for:

  • Redirect rules pointing to unknown domains
  • Strange or unreadable code
  • Lines you do not recognize

Example of a malicious redirect rule:

RewriteRule ^(.*)$ http://spam-site.com [R=301,L]

How to fix it:

  • Remove all suspicious lines
  • Restore a clean default version

For WordPress, a standard .htaccess file looks like:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

After updating:

  • Save the file
  • Upload it back to the server
  • Test your website to confirm the redirect is gone
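The .htaccess review can be made repeatable by listing every redirect directive whose target is a host you do not own. This is an added example, not code from the article; the function name and the example.com allowlist are assumptions, and the sample is constructed from the two snippets shown above.

```python
import re
from urllib.parse import urlsplit

# Directives that can send a visitor elsewhere (mod_rewrite and mod_alias).
REDIRECT_DIRECTIVES = {"rewriterule", "redirect", "redirectmatch",
                       "redirectpermanent", "redirecttemp"}
ABSOLUTE_URL = re.compile(r"^(?:https?:)?//", re.I)


def audit_htaccess(text, allowed_hosts):
    """Return (line_no, host, line) for redirects to hosts not in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        for token in tokens[1:]:
            token = token.strip("\"'")
            if not ABSOLUTE_URL.match(token):
                continue
            host = (urlsplit(token).hostname or "").lower()
            # %{HTTP_HOST}-style targets stay on the requested site.
            if host and "%{" not in host and host not in allowed:
                findings.append((line_no, host, line))
    return findings


# Constructed sample: the article's malicious rule placed above the article's
# default WordPress block, plus a same-site HTTPS redirect that must not alarm.
SAMPLE = r"""RewriteRule ^(.*)$ http://spam-site.com [R=301,L]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
"""

if __name__ == "__main__":
    for line_no, host, line in audit_htaccess(SAMPLE, {"example.com"}):
        print(f"line {line_no}: redirect to {host}: {line}")
```

A site can have more than one .htaccess file, so run the check on every copy found in the document root and its subfolders.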

Step 5: Check database for malicious scripts

In many cases, attackers inject malicious scripts directly into your database, so the redirect is difficult to remove fully if this step is skipped.

Access your database (e.g., via phpMyAdmin) and search for:

  • <script> tags
  • Hidden iframes
  • Suspicious links
  • Encoded strings

Focus on important tables such as:

  • wp_posts
  • wp_options
  • wp_usermeta

What to do:

  • Remove malicious code manually
  • Replace infected content with clean versions
  • Be careful when editing serialized data to avoid breaking the site

Tip: Use search keywords like:

  • <script
  • iframe
  • eval(
  • base64

These can help you quickly locate suspicious entries.
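The warning about serialized data matters because each string in a PHP-serialized value carries a byte-length prefix (s:N:"..."), and deleting text without updating N makes the value unreadable. The following added example (not code from the article) flags values using the keywords above and strips a script element while recalculating the prefixes; the function names and the sample option value are constructed for illustration.

```python
import re

# Keywords from the tip in Step 5, used to find rows that need review.
KEYWORDS = (b"<script", b"iframe", b"eval(", b"base64")
SCRIPT_TAG = re.compile(rb"<script\b.*?</script\s*>", re.I | re.S)
STRING_TOKEN = re.compile(rb's:(\d+):"')


def suspicious_rows(rows):
    """rows: iterable of (row_id, value_bytes). Return [(row_id, [keywords])]."""
    hits = []
    for row_id, value in rows:
        found = [k.decode() for k in KEYWORDS if k in value.lower()]
        if found:
            hits.append((row_id, found))
    return hits


def clean_serialized(blob):
    """Strip <script> elements from every string inside a PHP-serialized value
    and rewrite each s:N length prefix to match the cleaned byte count."""
    out, i = bytearray(), 0
    while i < len(blob):
        m = STRING_TOKEN.match(blob, i)
        if not m:
            out.append(blob[i])      # structural byte (a:1:{ ... }), copy as is
            i += 1
            continue
        n, start = int(m.group(1)), m.end()
        if blob[start + n:start + n + 2] != b'";':
            raise ValueError("length prefix does not match data at byte %d" % i)
        cleaned = SCRIPT_TAG.sub(b"", blob[start:start + n])
        out += b's:%d:"%s";' % (len(cleaned), cleaned)
        i = start + n + 2
    return bytes(out)


# Constructed sample: a wp_options-style value with an injected script.
_INJECTED = b'<p>Hi</p><script src="http://spam-site.com/r.js"></script>'
SAMPLE = b'a:1:{s:6:"footer";s:%d:"%s";}' % (len(_INJECTED), _INJECTED)
```

A plain search-and-delete on the same value would leave the old length prefix in front of the shortened string, which is exactly the breakage the serialized-data warning refers to.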

Step 6: Disable suspicious plugins and themes

Outdated or untrusted plugins and themes are one of the most common causes of website redirect issues.

Follow these steps:

  1. Disable all plugins temporarily
  2. Re-enable them one by one
  3. Identify which plugin causes the redirect

Additionally:

  • Remove unused plugins and themes
  • Delete any nulled or pirated themes
  • Update all components to the latest version

If a theme or plugin is infected:

  • Delete it completely
  • Reinstall a clean version from a trusted source

Important: Even one compromised plugin can reinfect your entire website and prevent you from fully removing the redirect.

Step 7: Reset passwords and permissions

After cleaning your website, you must secure it to prevent attackers from gaining access again.

Change all passwords, including:

  • Admin accounts
  • Hosting account
  • FTP/SFTP
  • Database
  • Email accounts

Make sure to:

Next, review file permissions:

  • Files: 644
  • Folders: 755
  • Sensitive files (like wp-config.php): 600
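To find everything that grants more access than these targets, the tree can be walked and each mode compared bit by bit. This is an added example, not code from the article; the function name is an assumption, and it only reports, leaving the chmod to you.

```python
import os
import stat
import sys

# Targets from Step 7; any permission bit beyond these is reported.
FILE_MODE, DIR_MODE, SENSITIVE_MODE = 0o644, 0o755, 0o600
SENSITIVE_NAMES = {"wp-config.php"}


def audit_permissions(root):
    """Return sorted (relative_path, current_mode, target_mode) for entries
    that grant more than the target mode allows."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is not meaningful
            if stat.S_ISDIR(st.st_mode):
                target = DIR_MODE
            elif name in SENSITIVE_NAMES:
                target = SENSITIVE_MODE
            else:
                target = FILE_MODE
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~target:  # extra bits set beyond the target
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, oct(mode), oct(target)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/site
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode, target in audit_permissions(root):
        print(f"{rel}: {mode} grants more than {target}")
```

Entries that are stricter than the target, such as a 600 file where 644 is allowed, are not reported.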

Also:

  • Remove any unknown or suspicious admin users
  • Review access logs if available

Conclusion

Removing a redirect issue is not just about fixing what you see on the surface; it is about identifying the root cause and securing every layer of your website. By following the step-by-step process above, you can effectively remove website redirect problems, eliminate hidden malware, and restore your site to a safe and stable state.

Want to protect your site better? Discover more in-depth security guides on the W7SFW blog today.
