Hi for the past two months I have been facing backdoor redirection spam on my website. Whenever a new user enters the website and clicks on any new element, it redirects the user to a spam link :- "https://yourbigexplosivewin.life/?u=7mkpd0d&o=ex5whk5" or "http://blenderelements.com/" Upon searching further I came across the attached screenshot but I am unable to figure out its source or where it is located in my file manager.

I researched about it and saw some similar posts about hello.php spam but I have deleted the plugin 2 months back only but with no luck as the spam is still there on the website. I have tried using the wordfence and sucuri security plugin, but still facing the same issue. I will be attaching a screenshot of wordfence security scan, it shows the actual path of vulnerable files, but when I visited the path I found nothing. wordfence

CodePudding user response：

Delete the Problematic Plugin (WP Rocket), It should be fixed.

Because Wordfence Said,

This File contains suspected malware URL: wp-content/cache/wp- rocket/**********/product/calacatta-viola/index-https- webp.html

Also Delete wp-content/cache/wp- rocket/ folder from file manger.

CodePudding user response：

Unfortunately, you´ll have to remove the post from the database as it has been injected into the post table. you can use mysql search function to search the url. I also had same issue and deleting the links from the database helped. but ensure you make a backup of your database incase something wrong happened.