Remove cache after hacked Wordpress site

Question

My Wordpress website got hacked. It redirected the user to some spam website. Since than I already cleaned the website and the problem does not occur anymore.

The problem is, that my visitors are still redirected to the spam website until they clean they cache or stop the redirect and reload the page.

I'm not really sure what to do, to fix this. I know I can't remove the user's cache remotely, but there sure must be some way how to tell their browser, that there are changes on the site before the redirect starts.

I already added this code to the website:

<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />

Any ideas?

Should be able to do it with headers, the problem with doing it in metas is that html is not even served when `304 Not Modified` is sent, so its not seen by the browser. — Lawrence Cherone, Apr 16 '18 at 10:10
please see article https://www.2-viruses.com/how-to-fix-google-redirect-virus-browser-hijacker-problem — Gufran Hasan, Apr 16 '18 at 10:17
@lawrence-cherone Thanks for the answer. I tried to add this to htaccess: Header set Cache-Control "no-cache, no-store, must-revalidate" Header set Pragma "no-cache" Header set Expires 0 and this to my header.php header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1. header("Pragma: no-cache"); // HTTP 1.0. header("Expires: 0"); // Proxies. but it still does not work — Jan Pulpán, Apr 16 '18 at 10:36
Your need mod_headers module enabled for that to work, see https://stackoverflow.com/questions/13640109/how-to-prevent-browser-cache-for-php-site - to do it in just php, add the headers to your config or something, does wp not have a plugin to turn off caching, if not id be supprised? — Lawrence Cherone, Apr 16 '18 at 10:42
If all else fails make sure your not still infected, these problems will come back if you just restored from backup. — Lawrence Cherone, Apr 16 '18 at 10:45
Try to see headers in console/terminal: `curl -I http...your..domain` if you see 30x then it backed problem. Then see web server apache/nginx. You can to add `echo 'test'` to index.php and check headers it in browser or terminal. — gregman, Oct 18 '19 at 14:50

score 0 · Answer 1 · answered Apr 16 '18 at 10:42

0

I faced this issue also I added this code to my .htaccess file get rid of it. Please try it.

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/html "access plus 3 days"
ExpiresByType text/xml "access plus 1 seconds"
ExpiresByType text/plain "access plus 1 seconds"
ExpiresByType application/xml "access plus 1 seconds"
ExpiresByType application/rss+xml "access plus 1 seconds"
ExpiresByType application/json "access plus 1 seconds"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType image/x-ico "access plus 1 year"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType application/pdf "access plus 1 month"
<IfModule mod_headers.c>
   Header unset ETag
   Header unset Pragma
   Header unset Last-Modified
   Header append Cache-Control "public, no-transform, must-revalidate"
   Header set Last-modified "Mon, 1 Apr 2017 10:10:10 GMT"
 </IfModule>
 </IfModule>

answered Apr 16 '18 at 10:42

Gufran Hasan

8,910
7
38
51

1

Might work, comment out the if conditions if you get a 500 error then mod_headers.c is not enabled. – Lawrence Cherone Apr 16 '18 at 10:43
thank you for the tip. unfortunatelly it does not work for me. – Jan Pulpán Apr 16 '18 at 10:44
you can check for yourselfs here - mezinami.cz – Jan Pulpán Apr 16 '18 at 10:45
it redirects, but as soon as i delete my cache it starts working fine. so i dont think the malware is still there – Jan Pulpán Apr 16 '18 at 10:45
ok, i will have to look further than. what i dont understand about this is, why the redirect stopped as soon as i delete the cache? i tried this on multiple PC and it works the same. – Jan Pulpán Apr 16 '18 at 10:51
@JanPulpán, I just find an useful article. hope it will make sense https://fixmywp.com/blog/add-expire-headers-wordpress-site.php – Gufran Hasan Apr 16 '18 at 10:53

score 0 · Answer 2 · answered Aug 24 '22 at 03:59

Run malware scan using a plugin like Wordfence Security. (It will help you to find malicious files and codes)
Open the WP-Content Folder
Open the “Cache” folder
Then open each folder and delete the contents stored inside them. Do not delete the folders (Either you can clear Cache using a plugin like WP Fastest Cache.

Remove cache after hacked Wordpress site

2 Answers2