WordPress glossary

302 Redirect Hack

A compromise where injected code 302-redirects search traffic to affiliate or scam URLs while showing the real site to direct visitors.

Last updated 27 June 2026 · Reviewed by Ali Yasin Jatoi

The 302 redirect hack cloaks behavior by user agent or referrer: Googlebot and humans typing the URL see the normal site, while visitors arriving from Google search are bounced via a 302 to an affiliate funnel. Because it is a temporary redirect, the original URL stays indexed, which is why the attacker uses 302 not 301. Detect by curling pages with a Googlebot user agent and a google.com referrer.

Where this applies on our service

WordPress 302 redirect hack

Related terms

When this comes up in the wild

Need this fixed, not just defined?

We have shipped hundreds of fixes for exactly this kind of issue. Book a 20 minute call and we will tell you straight whether it is a quick fix or a bigger root cause.

Book a 20 minute call +92 346 600 8404

410 Gone robots.txt Hijack

Call Book a call