The site is definitely hacked. At least one of your theme’s JavaScript is compromised. This also generates this fake cloudflare view – for whatever reason.
My recommendation: first read this article:
FAQ My site was hacked
After that I would recommend checking whether you still have a clean backup. If necessary, ask the support of your hoster. If so, delete all files and the database and restore the backup. Then change all access data in the hosting. This should solve the problem.
Finally, you should secure your project. This is described in more detail in the article here: https://ww.wp.xz.cn/documentation/article/hardening-wordpress/
If you need personal help at any point, try contacting your hoster’s support first. Alternatively, you may also find someone here: https://jobs.wordpress.net/
@jhimross & @threadi Thank you for the reply.
Actually, I tried all this things I just want to know is there anyone know the root cause for this?
The root cause for a website hack can be very diverse. It starts with plugins or themes that have not been updated and contain security vulnerabilities, and can range from passwords being spied on for access to the project to hacked hosting access. In my experience, it is not worth investigating the specific cause as long as you have a live web online that can potentially cause damage to visitors. I would therefore urge you once again to clean up your website as described above.
