Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

WordPress

Redirected every time I go to /wp-admin to a different site??

Need some desperate help on this. Every time I go to mysite.com/wp-admin it redirects me to another site. I made (what I now know as a dumb mistake to use fiverr) the dumb decision in thinking someone from fiverr could actually help on something and now I can't reach my wp login page. My server admin says the 301 script has to be in the database somewhere, but I have no idea how to find it. I've already checked the head for some javascript redirection and the redirect script is not in the .htaccess file. The wp_options file in the database have the urls pointed still to where they need to go. I need some help on this if any of you can. Thanks!

9 Answers

Kevin Korte
Kevin Korte
28,149 Points

Tell me more, did this person have actual login access to your site.

Have you check your files for unusual edits? You will likely have to log into your host to actually view your source files. I would think they probably dropped a redirect script in one of your php scripts?

Yeah they had access to our backend. They were to bring in our vbulletin forums into our new wp site. They failed to do that, we fired them, changed our cPanel password and before that happened the redirect issue occurred and is still an issue.

Kevin Korte
Kevin Korte
28,149 Points

So they were actually in your cPanel? Which is worse than just being logged into your wordpress admin account. Have you checked modification dates for your wordpress files in cPanel? I imagine there are so many places they could hide the script.

Casey Ydenberg
Casey Ydenberg
15,622 Points

Have you tried completely deleting your .htaccess file? (Make a copy first) You can also try disabling all you plugins via the database: https://perishablepress.com/quickly-disable-or-enable-all-wordpress-plugins-via-the-database/ If you have to, can you restore your theme files from local copies?

Kevin- Yeah they had access to the cPanel, which was scary. We were watching for anything suspicious the whole time and didn't have any problems (even when they were doing work on our site) till the very end when we started voicing frustration for missing deadlines and the late responses. And that's when we changed our passwords but not before the redirect script was added some place.

Casey- I'll try the deleting of the .htaccess file and re-upload of that file, and disable plugins from the database to see if that works at all. Also I do have all my theme files locally.

Casey Ydenberg
Casey Ydenberg
15,622 Points

Did you reach any resolution? It's useful who people who might land here later to let us know how it turned out.

Thanks Casey and Kevin both for your responses! I re-uploaded all my theme files with no luck so I at least know they didn't add it with a javascript redirect or using php in any of the theme files at least. And I also re-uploaded the .htaccess file with no luck as well. I used your link and didn't have a active_plugins or plugins at all column in my wp_options table which kinda stopped me from being able to continue with the rest of your nicely written out tutorial on how to do that.

What I've come to realize as my next available options are to try and see if there is a way to do a search through the whole database to see if it can find any reference to "301" cause that would be in any script they would add. But i don't have too much experience with sql and don't know if you can even do such a thing. My last resort option would be to delete everything and set it all back up again with a fresh install and re-upload my theme files. Then I'd have to go in and re-add all my content for each page which wouldn't take overly long and re-setup the users for the site which also doesn't take that long cause wordpress makes that stuff the reason you use wordpress in the first place. But the pain will come with having to move all our posts (some 20,000+) over from our existing site again and get the posts to bring in the images and video from those posts as well. Which I had that previously hired out by someone so we would have to pay for that again. Which doing that would be a pain but at least it would be a clear way of fixing our problem.

Kevin Korte
Kevin Korte
28,149 Points

I'd reupload the core wordpress files to the server. Keep your current wp-config file though and use that to connect the fresh core wordpress files back to the database. Than you can copy and past the theme and plugin folders back into the fresh core files.

Had same issue on client server last week and it worked if I added in a / after wp-admin.

Hey Thanks to everyone who posted on here to help out. I ended up resolving my issue. The people I hired to do a vBulletin related job for me through Fiverr.com ended up adding four different plugins that had that redirect in it somewhere. I deleted all four of those plugins they added and everything works as it should again!

Moral of my story NEVER hire anybody from Fiverr.com. Anybody reading this I stress that you don't let anybody you know or yourself use Fiverr as a source of getting a small project done. At least one that is web related. Just stick to people you know and trust. I did do another project through that site previous to my disaster (which is why I went to it again) one that worked great eventually but only after a lot of problems along the way. I should have known better and have a lesson well learned in the process of going through that.

Thanks again everyone!