Your site loads fine when you’re logged in. A visitor from Google lands on it and gets thrown to some pharmacy spam page. Maybe only mobile users get redirected. Maybe it only triggers every third visit.
That pattern is not a cache issue. It’s a conditional redirect injection, and it’s one of the most common WordPress compromises of the last five years. The attacker makes sure logged-in admins see a clean site, because if you saw the redirect yourself, you’d fix it. The whole point is for you not to notice.
Top comments (0)