Please help! Don’t know what to do.
Your site has probably been hacked and something was added to a folder or possibly the database. It’s impossible for me to tell you exactly what to do. Do you have a backup of the site before it was hacked?
Hey John,
Yes we have backups, restoring a backup resolves the issue for about 24 hours and then the redirects start to happen again.
So, I cannot say if this will help you but this is from my experience dealing with similar issues.
There are files on the server. Some of these may be hidden files. In addition to this the file names may be created in such a way that they cannot be deleted by normal means even if you can see them. Restoring from a backup will not eliminate these files.
What you need to do is to delete everything on the server. A hint that you have hidden files that you cannot correctly delete is that you will be unable to delete folders that are apparently empty but give you an error that you cannot delete a non-empty folder. If you run into this condition then you need to contact your hosting company and ask them to delete these folders.
Once everything has been deleted change the FTP password, make it something secure, and then restore your site.
Also, I have had some luck using the Wordfence scan. There is a setting to do a more thorough scan and I’ve had some luck with getting Wordfence to delete the malicious files.
