Getting redirected to some phishing website on facebook browser

When I share my website link on facebook the url is scraped and the preview of the post/link is ok but when somebody clicks on the link from the mobile and it opens it in the facebook browser it redirects the user to some site.

This happens only for the first time when they click on a url of my website but it never happens twice even if they click on another link of the same site.

Here is where it gets redirected:

That looks like your site has been hacked and someone has injected some code into the page. Right now, the site is just showing some plain text saying it’s Under Construction.

1 Like

The website is wordpress the actuall url is It never happens when I go to the url from the browser or something, it happens only when I click the url from facebook post

I guess that’s encouraging that it doesn’t happen natively, but only through Facebook. There could still be some code in your site that’s looking for a specific situation, such as the Referer being Facebook and the user’s on a mobile device. Does that pop up on iPhones as well?

Regardless, this is not due to Cloudflare, so you’re going to have to find out what’s going on behind the scenes.


Seems like it was a security issue with a Image Cropping Wordpress plugin. Sombody uploded some php file in the server. Thanks

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.