Fix for Redirect Malware

Admarketlocation redirect hack is affecting many sites this week.
According to publicwww, so far aprox. 995 sites are affected by malware.

Need help? Let us clean your site.

Redirect pattern:
Malicious script injected:
will redirect users to:
then visitors will get content from:,,, and other malicious sites. During the final step user’s browser may become permanently infected.

Here are some basic steps you should take, in order to sort it out:

1. Perform site backup ( site files and database ).
2. Evaluate if your site is affected by cross-site contamination.
3. Check wp_posts and wp_postmeta tables for Javascript injections using a database manager tool.
If posts are infected, run this SQL query.

 UPDATE wp_posts SET post_content = REGEXP_REPLACE(post_content, '<script(.*?)>((.|\n)*?)<\/script>', ''); 

3. Manually set siteurl and home data, using wp-config.php ( after this, you should have restored dashboard access )

define( 'WP_HOME', '' );
define( 'WP_SITEURL', '' );

4. Make sure only authorised users have administrator rights.
5. Update core files, plugins and theme ( important ).
6. Change “home” and “siteurl” using phpMyAdmin or any other database manager.

Optional: change database password, remove FTP accounts which you don’t need, change cPanel login information.

<sc​ript src=''

Notepad++ can be used to search and replace malicious Javascript within wp_post SQL dump. Use the following string: .

Running SQL queries or Notepad++ search and replace requires technical knowledge.

Other malicious URLs:

Need help? Let us clean your site.