How to Fix Malware

Recently we notice many POST requests designed to inject WordPress websites with the following script. If you recently noticed Wordfence alerts, it doesn’t mean the website is infected – the attacks were likely unsuccessful.

However, if the code was successfully injected, a professional cleanup is recommended, followed by a website review and update.

Try our Free site check.

<script src=""></script>
<script src=""></script>

Contamination signs

Redirect malware in WordPress can be quite stealthy, often randomly redirecting visitors to malicious websites without the website owner’s knowledge.

  • Unexpected redirects: Users are redirected to unrelated or malicious websites when they try to access your WordPress site or specific pages.
  • Traffic spikes or drops: Sudden spikes or drops in website traffic can indicate that your site is being redirected, either driving fake traffic or deterring real visitors.
  • Unknown scripts or files: Check your website’s files and scripts for any unfamiliar or suspicious code, especially in theme files, plugin directories, or the .htaccess file.
  • Complaints from visitors: If visitors report being redirected or experiencing other suspicious behavior on your site, take their feedback seriously and investigate promptly.

If you suspect that your WordPress site has been infected with redirect malware, it’s essential to take immediate action to clean your site and prevent further damage.

This may involve using security plugins, scanning your site for malware, updating WordPress core, themes, and plugins to their latest versions, and strengthening your site’s security measures. Additionally, consider reaching out to a security expert for assistance in resolving the issue.

Malicious POST requests sent from: AS210848, Telkom Internet LTD Azerbaijan,, AS202425 IP Volume Netherlands

How to block malicious POST requests:

If .htaccess is available, you can block the malicious traffic blocking the whole IP range.

deny from
deny from
deny from

Malicious URL > resolves to

Other suspicious links:
Malicious Cloudflare nameservers:,

Malicious domains:,,,,,,,,,,,,,,,,,

If you’ve recently noticed bogus popups or unexpected redirects to suspicious domains on your website, we can help.

Our skilled malware analysts are available 24/7 to fix hacked websites and clean up malware – reach out to us if you need help.

Try our Free site check.

A security analyst will perform a free thorough external site check within the next minutes.