WordPress Malware Cleanup: collect.clickandanalytics.com redirect

We received reports of a client website redirecting users to other pages as soon as they loaded it. The pages it redirected to were usually on the collect.clickandanalytics.com

Our server firewall didn’t report any issues. We replaced the WordPress source code (minus wp-content) but that didn’t help either. The infection had to either be in the database or inside the wp-content folder.

It wasn’t until we installed Sucuri’s WordPress plugin which detected an issue:

We opened the source code view of the website and saw two javascript files included with the domain collect.clickandanalytics.com.

Our next stop was the header.php file of the theme and there we found the two lines.

So, to get rid of the malware, you need to locate where the javascript files are included on your site and then you need to remove any and all lines containing this domain.

Always backup your website + database before making any changes.