Just “de-hacked” a website using bmoar.com/ss.js
You need to search the database with bmoar.com, it’ll tell you it’s in options.
Delete the whole row (key + data).
Go to fancybox settings and reset default settings. you should be back to normal.
Do use a plugin such as wordfence to ban brute-force login attempts. (I set it at 5 max attempts with 60 days ban)
Hope it helps
