many WordPress sites were hacked and redirected users to fraudulent sites

WordPress is (still) the leading content management system on the internet, and about 40% of websites are based on it—whether they are small websites, sales websites, or large content portals. The fact that it is so widespread makes it a popular target for cyber attacks and hacks. Hackers take advantage of the fact that website owners do not adhere to basic WordPress security and do not choose secure, high-quality website hosting. In recent days, many WordPress sites around the world have been hacked. The hack in question used JavaScript code injection to redirect users to scam sites or sites that distribute malicious code, with the aim of generating artificial traffic and fake website promotion. Files such as jquery.min.js and jquery-migrate.min.js were injected with encrypted code that was activated every time a page on the site was loaded, allowing attackers to create redirects to malicious sites. In some cases, users were redirected to a landing page with a CAPTCHA, which, when clicked, caused ads to pop up on the computer, appearing as if they came from the operating system rather than the browser. The attackers exploited vulnerabilities in outdated plugins and templates on WordPress sites, infecting thousands of websites. To strengthen the security of your WordPress site, be sure to update the system whenever there is an update, and also update the plugins and templates. If you have old plugins that haven't been updated in over a year, it is recommended that you remove them and choose an alternative plugin (or do without the plugin altogether). In addition, it is very important to choose a web hosting service that emphasizes security, as this is your first line of defense. Secure web hosting monitors the websites on its servers using advanced tools that are not available to regular website owners, prevents attacks, performs backups, and cleans viruses before they infect your WordPress website.

How to detect that a WordPress site has been hacked

Signs of compromise: automatic redirects to external sites (especially from mobile), new files in wp-content/uploads you didn't create, a new Admin user you didn't set up, or Google Search Console messages about "Deceptive site ahead". First check: log into FTP/SSH and look at the modification dates of core WordPress PHP files — unusual changes indicate code injection.

How to recover after a hack

1. Restore from a backup taken before the hack (if you have daily backup like ours, restoration is fast).
2. Change passwords for everything: cPanel, FTP, database, and all WordPress users.
3. Update WordPress + plugins + theme to the latest version.
4. Run a full scan with Wordfence or Imunify360 to detect residual code.
5. Check WordPress logs + Apache/Nginx logs to identify the vector.

Prevention: 5 steps that block 90% of attacks

• Enable two-factor authentication (2FA) on every Admin user.
• Remove unused plugins — an un-updated plugin is an attack vector.
• Block xmlrpc.php if you're not using the API.
• Use a hosting plan with Imunify360 or Wordfence Premium.
• Daily automated backups with simple restore.

Our managed WordPress hosting plan includes all these steps as standard. We wrote separately about this on the server maintenance services page.