Because this hack only affects first-time visitors to a website, we only became aware of it when were alerted via Google Search Console.
2. Install iTheme Security
If you do not already have iThemes Security installed, do it now!
Once you’ve activated the plugin, click the “Get API” button. Then click the third option in the second box for quick secure, and close that box.
You will now be in iThemes Security Settings. At the top, you’ll see an area that says, “Go to” with a dropdown that says, “Choose a section.” Select “Malware Scanning,” then hit “Scan Homepage for Malware.”
If your site is clean, you’re good. If it’s not, make a note of all the files infected, as pictured in the top image.
Download fresh copies of WordPress and all infected plugins. Unzip them into a folder. We called our folder “Hack repair.”
Via FTP, upload the fresh files.
Wait 10 minutes, then scan again.
If people visit your site while you are cleaning things up, more files will get infected. So, you may have to go through the entire process multiple times, with multiple plugins, before your site is clean.
Be sure to do this on all sites you may have hosted under the same hosting package.
3. Scan All Sites Every Day