Looks similar to a search redirect. You’ll see the results when all of your search results go to someplace else. Lots of ways for it to get in there. But, fix the htaccess. Get a standard one from WP here: https://wordpress.org/support/article/htaccess/. Then, you should change all credentials: hosting, ftp, database, MySQL, and WP admin credentials. … Read more
With steps 1 and 2 you are only removing the symptoms of the infection, not the infection itself. Blockings access and changing permission (steps 3 and 4) makes a difference for outside approach of your system. But the infection is already inside your site. So, with these steps you do nothing to remove the infection. … Read more
This is a case of general security. At a minimum do the following steps: Delete the file you found in wp-admin Delete the htaccess file Download the official wordpress from wordpress.org and upload it to your server, overwriting anything it finds. If possible delete the wp-admin and wp-includes folders and any files starting with wp- … Read more
I’m also seeing this on a hosting place that has several WP installs. Cleaning them up (removing files that aren’t supposed to be there, removing code) hasn’t fixed things yet, it keeps coming back. If you want to decode strings like that, use the https://www.unphp.net site. Use the recursive check button. I’ve found bad code … Read more