Hi for the past two months I have been facing backdoor redirection spam on my website. Whenever a new user enters the website and clicks on any new element, it redirects the user to a spam link :- "https://yourbigexplosivewin.life/?u=7mkpd0d&o=ex5whk5" or "http://blenderelements.com/"
Upon searching further I came across the attached screenshot but I am unable to figure out its source or where it is located in my file manager.
I researched about it and saw some similar posts about hello.php spam but I have deleted the plugin 2 months back only but with no luck as the spam is still there on the website. I have tried using the wordfence and sucuri security plugin, but still facing the same issue. I will be attaching a screenshot of wordfence security scan, it shows the actual path of vulnerable files, but when I visited the path I found nothing.
wordfence
2
Answers
Delete the Problematic Plugin (WP Rocket), It should be fixed.
Because Wordfence Said,
This File contains suspected malware URL: wp-content/cache/wp-
rocket/**********/product/calacatta-viola/index-https-
webp.html
Also Delete wp-content/cache/wp-
rocket/ folder from file manger.
Unfortunately, you´ll have to remove the post from the database as it has been injected into the post table. you can use mysql search function to search the url. I also had same issue and deleting the links from the database helped. but ensure you make a backup of your database incase something wrong happened.