I picked up a strange issue on my WordPress site today while reviewing stats in Google Search Console. I noticed a malicious 301 redirect happening for an old post, one that had no redirect rules set. Specifically, the post had a 301 redirect set to send traffic to seonix.org, which is definitely a malicious site. I’m still tracking down how this happened, as it seems to have only affected a single post on the site. I’ll follow up here with more details when I have them.

Problem

One of my older posts has a malicious 301 redirect sending traffic to seonix.org, which is definitely a malicious site.

Solution

I tracked the malicious 301 redirect down to the Yoast SEO plugin for WordPress. The following SQL query allowed me to solve it.

1. Back Up Your Database

We’re going to remove these directly from the WordPress MySQL database, so make sure you back up your database just in case any bloopers occur. You should always do this when working with SQL on a database.

2. Find Malicious Results

I recommend that you first check for malicious Yoast SEO redirects with the following query, which will only list matches (not delete).

SELECT * FROM `wp_postmeta` WHERE `meta_key` LIKE '%_yoast_wpseo_redirect%' AND `meta_value` LIKE '%seonix.org%'

3. Delete Them

If every result returned by the query above is an item you want to delete, then the following command will remove them all for you.

DELETE FROM `wp_postmeta` WHERE `meta_key` LIKE '%_yoast_wpseo_redirect%' AND `meta_value` LIKE '%seonix.org%'
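
Before running the DELETE, it helps to see every Yoast redirect on the site, not only the seonix.org ones, and to keep a copy of the malicious rows for the investigation. The queries below are an added example and not part of the original post; they assume the default `wp_` table prefix used above and that redirect targets are stored as absolute URLs, and `wp_postmeta_redirect_evidence` is a hypothetical table name.

```sql
-- Added example. Assumes the default `wp_` table prefix used in the queries above.

-- 1. List every post that has a Yoast redirect value set, with its target,
--    so unexpected destinations other than seonix.org also show up.
SELECT p.ID,
       p.post_title,
       p.post_status,
       p.post_modified,
       pm.meta_id,
       pm.meta_value AS redirect_target
FROM `wp_postmeta` AS pm
JOIN `wp_posts` AS p ON p.ID = pm.post_id
WHERE pm.meta_key LIKE '%_yoast_wpseo_redirect%'
  AND pm.meta_value <> ''
ORDER BY p.post_modified DESC;

-- 2. Count redirects per destination host. Assumes targets are absolute
--    URLs (scheme://host/...); values in other forms will not group cleanly.
SELECT SUBSTRING_INDEX(SUBSTRING_INDEX(pm.meta_value, '/', 3), '/', -1) AS target_host,
       COUNT(*) AS redirect_count
FROM `wp_postmeta` AS pm
WHERE pm.meta_key LIKE '%_yoast_wpseo_redirect%'
  AND pm.meta_value <> ''
GROUP BY target_host
ORDER BY redirect_count DESC;

-- 3. Copy the malicious rows aside before deleting them, so the affected
--    post IDs and stored values stay available while tracing the cause.
--    `wp_postmeta_redirect_evidence` is a hypothetical table name.
CREATE TABLE `wp_postmeta_redirect_evidence` AS
SELECT pm.*, NOW() AS captured_at
FROM `wp_postmeta` AS pm
WHERE pm.meta_key LIKE '%_yoast_wpseo_redirect%'
  AND pm.meta_value LIKE '%seonix.org%';
```

Any host in the second result that you did not configure yourself is worth checking against the first result to find the affected posts.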

What is Seonix.org?

If you landed here searching for seonix.org information in general, then you are probably experiencing some sort of issue related to them. Seonix.org is a malicious site that seems to be attempting to manipulate search rankings by hacking into secured systems in order to place spam links leading back to their website. If you have seonix.org links on your website, then it’s likely that they gained access through a social media-related backdoor, which based on my research seems to be the approach or tactic they generally use to do this.

If you have any other seonix.org related hack information to share please do mention it in the comments below for other visitors that are having trouble with them also.

About the Author

Kevin Leary is a web developer in Boston, MA specializing in enterprise website design and development, online marketing, and conversion optimization.