After dealing with a new hack for a few days in a row, after reinstalling WordPress, upgrading plugins and still not passing Google’s site review, I finally found a way to ensure all traces of it were thoroughly cleaned and gone. Using the String Locator plugin then searching the Themes directory, I searched for a common pattern of the malicious code in the js files, I’m not going to type it out here so my site doesn’t get mistakenly flagged as being hacked, but will post an image with the highlighted area, to simply retype then search for:
Putting it into String Locator and searching looks like this:
Then simply login via FTP, and clean the bottom of those files, by removing everything at the bottom after the semi-colon “;”, as seen here:
You’re welcome! If you need help doing this and want to hire us, contact us.