husmenusta

@sterndata Thank you.

For anyone who is still searching for a solution. These are the steps I did take and worked for the moment.

1st – Login to your ftp and compress and download all public html folder and it contents.
2nd – Open the backup folder with a text editor with your choice.
3rd – Check your index.php file and you will see the malware code. It’s the first line. Copy that and search-replace with blank. (These codes are in your index.php files across the website.)
4th – Check the header.php file in your main theme. In the first line there is a different yet similar redirect code. Delete that as well.
5th – Open any js file. You will see in the first line there a function implemented. copy that and with searc-replace delete that code from all of your files.
6th and least – Go to your phpmy admin and search the redirect url. If it returns positive you either need to write and sql querry like this :

REPLACE (post_content, '<script async src=\'[(https:///hjsers.js)](https://xxxxxxxxxxxxxxxxx/hjsers.js](https://xxxxxxxxxxxxxxxxx/hjsers.js))\' type=\'text/javascript\'></script>', '');

or install a plugin such @sterndata suggested and get rid of them.

7th (optional) – This is optional but I will suggest WordPress repository for removal of this plug-in. This is unacceptable and it is not happening the first time. Yet the support team only provided a solution for those whose site not fully redirected after 5 days.

P.S If you have additional suggestions/tips for easier removal please comment so more people can benefit.

I hope you can resolve all of the problems. Thanks.

Why are you even talking if you don’t know what is going on? @jdembowski

hacked happened due to this plugin, not a general one. so posting cookie cutter replies really doesn’t help