Unexpected redirects can come from compromised application files, malicious .htaccess rules, injected JavaScript, CDN rules, or misconfigured application URL settings.
Common symptoms
- Only visitors from search engines are redirected
- Redirects happen on mobile but not desktop
- The homepage redirects to an unrelated domain
Troubleshooting steps
- Inspect
.htaccessand application bootstrap files for suspicious redirect logic. - Disable plugins and themes selectively if the application recently changed behavior after an update.
- Check the site's database for altered base URLs or injected scripts in content areas.
- Review CDN, edge, or caching rules for accidental or malicious redirects.
- Scan for recently modified files and compare them against clean vendor copies where possible.
Additional notes
- Conditional redirects that only affect certain devices or referrers often indicate a compromise.
- A redirect can be served from the CDN even after the origin files are cleaned.
When to contact support
Contact support if the redirects continue after reverting recent changes and clearing caches.