Title: Scan – Mobile
Last modified: August 1, 2024

---

# Scan – Mobile

 *  [matk33](https://wordpress.org/support/users/matk33/)
 * (@matk33)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/scan-mobile/)
 * Hi,
 * We currently have a hacked redirection on our website. It seems like this redirection
   is only happening with a mobile device and not every time.
 * Wordfence scan does not detect this redirection. Maybe it is because the scan
   is not running with a mobile user agent?
 * Any idea how we can find what is causing the redirection or something that can
   be tweaked in Wordfence configuration?
 * Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Support [wfpeter](https://wordpress.org/support/users/wfpeter/)
 * (@wfpeter)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/scan-mobile/#post-17927975)
 * Hi [@matk33](https://wordpress.org/support/users/matk33/), sorry to see you have
   a redirection on your site.
 * When something has created unwanted or malicious files or code, you may find 
   our detailed site cleaning instructions and free Learning Center can help you
   find the cause and clear it yourself:
   [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
   [https://wordfence.com/learn/](https://wordfence.com/learn/)
 * **Make sure to fully back up your site before taking any action!**
 * If your site was compromised in order to add the code/files, we’ll always recommend
   **the passwords for your hosting control panel, FTP, other WordPress admin users,
   and database** have _all_ been changed. Also make sure WordPress, themes, and
   all of your plugins are fully up-to-date in case a known exploit on an unpatched
   vulnerability was used. Wordfence and other providers do have paid site cleaning
   services should you not be able to rectify the problem yourself, but this is 
   by no means a requirement and I’m only mentioning it so you’re aware of all options.
 * I would recommend providing any suspicious file(s) you find to **samples @ wordfence.com**.
   If the source that caused it is packaged in a way Wordfence isn’t currently
   picking up during a full scan, our researchers can look into it and get back 
   to you with a suitable course of action.
 * **Make sure any database credentials or keys/salts are removed before sending
   anything to us.**
 * Many thanks,
   Peter.
 *  Thread Starter [matk33](https://wordpress.org/support/users/matk33/)
 * (@matk33)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/scan-mobile/#post-17929848)
 * Hi,
 * Finally found the problem. Plugin WPCode was installed by the hacker and a PHP
   snippet was run each time the website was loaded. PHP snippet was stored in wp_options
   under wpcode_snippets option name. The snippet was doing many things, including
   hiding the WPCode plugin from the admin side…
 * Hope this can help someone else having similar issues.
 * Mat
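
One way to check a site for the condition described in the last reply (code kept in `wp_options`, run by a plugin that is hidden from the admin side), as an added example that is not part of the original thread and is not Wordfence's code. It triages rows exported from `wp_options`; the sample rows, the `example-snippets` plugin path, the marker list and the function names are constructed assumptions, while `active_plugins` is WordPress's serialized list of active plugin files.

```python
import re

# Substrings that suggest PHP code inside an option value (assumed list, tune per site).
CODE_MARKERS = ("<?php", "eval(", "base64_decode", "http_user_agent", "wp_redirect")
# Plugin paths inside the PHP-serialized active_plugins array: s:<len>:"dir/file.php";
PLUGIN_PATH = re.compile(r's:\d+:"([^"]+\.php)";')

# Constructed sample rows (option_name, option_value), e.g. from a wp_options export.
SAMPLE_ROWS = [
    ("blogname", "Example Shop"),
    ("active_plugins",
     'a:3:{i:0;s:23:"wordfence/wordfence.php";i:1;s:27:"woocommerce/woocommerce.php";'
     'i:2;s:37:"example-snippets/example-snippets.php";}'),
    # Constructed stand-in value; the thread does not show the option's real layout.
    ("wpcode_snippets",
     '$ua = $_SERVER["HTTP_USER_AGENT"]; /* ... */ wp_redirect($target); exit;'),
]
# Plugins the site owner knowingly installed (assumption for this example).
EXPECTED_PLUGINS = ["wordfence/wordfence.php", "woocommerce/woocommerce.php"]


def unexpected_plugins(active_plugins_value, expected):
    """Plugins the database marks active that are not on the owner's list."""
    found = PLUGIN_PATH.findall(active_plugins_value)
    return sorted(set(found) - set(expected))


def options_with_code(rows):
    """Map option_name -> code markers found in its value (case-insensitive)."""
    hits = {}
    for name, value in rows:
        lowered = value.lower()
        markers = [m for m in CODE_MARKERS if m in lowered]
        if markers:
            hits[name] = markers
    return hits


if __name__ == "__main__":
    options = dict(SAMPLE_ROWS)
    print("unexpected active plugins:",
          unexpected_plugins(options["active_plugins"], EXPECTED_PLUGINS))
    for name, markers in options_with_code(SAMPLE_ROWS).items():
        print(f"option {name!r} contains code markers: {markers}")
```

Marker hits are leads for manual review, not verdicts: legitimate options can contain some of these strings, so read each flagged value before deleting anything.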


The topic ‘Scan – Mobile’ is closed to new replies.

 * 3 replies
 * 2 participants
 * Last reply from: [matk33](https://wordpress.org/support/users/matk33/)
 * Last activity: [1 year, 10 months ago](https://wordpress.org/support/topic/scan-mobile/#post-17929848)
 * Status: not resolved