Security, WordPress Security

How to remove spam/virus

Written by Anup Kumar
Posted on - 3 min read

We recently discovered SPAM/virus to have infected our client’s website. And, after understanding it and removing it, we felt the need to share the how works with our readers too.

Symptoms of this SPAM in WordPress:

  1. You are often being redicted to URL or to your website’s admin panel.
  2. This spam works even without any suspicious codes on the wp-config.php or index.php files.

The below-mentioned spam removal method will only work  if you have any one of the below-mentioned cases:

  1.  For those of you using the Astra Themes specifically,we’d request you to check your plugins folder that has astra-sites plugin installed.
  2. Check your database options table, for instance, check if your site_url option has the following urls “” or “” or both.

Category of this WordPress SPAM:

Usually credited under WordPress redirect spams or WordPress redirect hacks, The SPAMis used to redirect traffic to other websites. Advertisement revenue is the main source of income for these hackers. Consequently, since advertisers need traffic on their websites to generate revenue, they hire hackers/spammers to generate traffic using these kinds of methods.

But, one positive aspect of the spam is that in 99% of cases your website’s content is safe because their primary target is to drive your consumer traffic to their website. Meaning, these hackers just do it to earn money and do not harm your digital space or ruin your digital reputation.

It is quite hard to figure out the problem without a wordpress security developer on your team. It took us two hours to completely audit the WordPress site.Consequently, we performed two quick fixes to get the site back-up and running again.

How to remove it SPAM SPAM in wordPress SPAM in WordPress

Step 1. Login to your database, in the options tables, change these two options to your original domain. to to

Step 2. Remove all astra-sites plugin from the frontend_skin/plugins folder. As the hackers are targeting the plugins are in the folder.

Step 3. Rename your cache plugin if you are using any. Thus, it disables your cache plugin and your website is back-up and running again.

The WordPress security team at NexGen Innovators recommends you to remove it because it  exposes the server configuration while importing your theme.

It may be also possible that the spammer has  selected some other weak plugin of your website. So, this option might not work for you. In that case you can contact to our WordPress Security Experts to audit your complete website.