Recently, we have received reports that our blog redirects people sometimes to shady websites. After much research, we determined the cause to be a malicious redirect caused by a security vulnerability found in an older version of the Ultimate Member plugin for WordPress. More info here: https://fixmywp.com/blog/detect-clean-wordpress-malware-redirect.php
The redirect injected code into the header of our blog’s active theme’s header file
header.php as shown in the screenshot below and highlighted. Removing this injected code removes all the redirects we discovered when opening the page in debugger mode in Firefox.
If we had ignored this problem, our website would have been blacklisted as a dangerous site. Additionally, we have updated to the latest version of the Ultimate Member plugin, which fixes this security vulnerability. All should be well now on Fusion Gameworks’ blog.