Website Redirects to Strange Pages
Higher-risk issue — be cautious and consider professional help sooner.
Visitors who open your site get sent to spam, ads, gambling, adult, or other unrelated pages. This often points to a security problem.
Common signs of this issue
- Opening your site briefly shows your page, then jumps to another site.
- It happens mainly on phones, or only the first time a visitor arrives.
- It happens from Google results but maybe not when you type the address directly.
- Customers report being sent to ads, scams, or adult content.
Safe checks you can do yourself
None of these require sharing passwords with anyone.
- Reproduce it safely: try from a phone on mobile data and from a Google search result, and note where it sends you.
- Note whether it happens for everyone or only certain devices — mobile-only redirects are a classic sign of injected code.
- Search
site:yourdomain.comon Google and look for unfamiliar pages. - Check Google Search Console for security warnings, if you have it (read-only).
- Confirm whether you have a clean backup from before the redirects started.
What this usually means
Sneaky redirects — especially mobile-only ones — usually mean malicious code was injected into your files, theme, or database, often through an out-of-date plugin or a stolen password.
Because the code hides itself, simply "clicking around" rarely removes it; it needs to be found and cleaned at the source.
What not to do
- Don't enter logins on a device showing the redirects.
- Don't randomly delete files hoping to hit the right one.
- Don't ignore it — search engines may flag and de-list your site, and customers lose trust fast.
When to get help
Malicious redirects are a strong reason to get professional help quickly. Cleaning them, closing the entry point, and getting any Google warning lifted is specialized work. This guide is a first-aid checklist, not a substitute for proper cleanup.
Not sure what to do next?
Answer a few short questions and we'll point you to the safest next step — DIY, a freelancer, or a direct review. No passwords required.
Is this a business website? If this issue may be costing you leads, sales, or trust, you may want a direct review instead of trial and error.
Frequently asked questions
Why does it only redirect on mobile?
Injected malicious code often targets mobile visitors specifically to avoid the owner noticing. It's a common sign of a compromise.
Will changing my password fix it?
Changing passwords is wise, but it usually won't remove code already injected into your files or database. That needs a proper cleanup.