On Wed, 22 Apr 2020, chris wrote: > wiped out all the plugins to be safe. but the redirect script was and still is on every post. > 2nd possibility is in the theme itself, .. update/reinstall. You can also grep all files for base64 encoding, .. that's a popular way to obfuscate malicious code. Or, does your hosting provider have WordFence available? Lee