Hi @hmarksthespot, thanks for reaching out!
If a full high sensitivity Wordfence scan hasn’t highlighted anything, I would certainly still be suspicious of any redirection like that from your site. Known issues can sometimes be packaged in a different way to cases seen before by our scans. After taking measures to try cleaning your site or identifying an issue, you can send suspicious code samples or files to?samples @ wordfence . com. If you do, just make sure to?remove any database credentials or keys/salts?in any files you send over. Our team can help advise next steps from there.
You can follow our checklist here:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Make sure to get all your plugins and themes updated and update WordPress core too if they’re not already. As a rule, any time I think someone’s site has been compromized I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database in order to cover the key access points to change things on your site. Make sure to do this.
Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.
If you are unable to clean this on your own there are paid services that will do it for you. Wordfence offers one and there are others. Regardless if you choose to clean it yourself or let someone else do so, we recommend that you make a?full backup of the site beforehand.
Many thanks,
Peter.
