Hi gmichael7,
did you manage to solve this?
I got affected as well.
I had the same problem and was able to fix this.
Issue here is your theme was hacked.
If you look at the wp_posts table you could see post with post_author = 0 (see also post_content or post_title like ‘%binary%’ or post_title like ‘%trading%’ or post_title like’%option’% So I suggest delete these entries first.
delete from wp_post where post_author = 0;
Only bots(googlebots, bingbots) can see these posts, you can see in your wordfence live stats that when bots index these pages it creates an entry in your wp_posts table.
Go to you theme folder search for functions.php, look at the bottom an check is you can see a line with base64… delete this line.
Go to google webmastertool and apply for security check. Google will remove the “this site might be hacked” in a couple of days.
delete remaining entries in wp_post delete from wp_post where post_author = 0;
also posted in reddit
WordPress hacked with URL injection.how do I clean it?
by inWordPress
