We’ve been fixing lots of sites lately, which have siteurl value changed to either:
This hack is a result of the WP GDPR Compliance vulnerability.
To prevent further data loss, you should first backup your database & site files.
Second, you should revert the changes made on wp_options table ( siteurl value ). In most cases, siteurl and home should be the same.
Here are some good tutorials for siteurl change:
Change WordPress Site URL Via phpMyAdmin: https://www.hostdime.com/kb/display/HR/Change+WordPress+Site+URL+Via+phpMyAdmin
Change and Update WordPress URLS in Database When Site is Moved to new Host: https://wpbeaches.com/updating-wordpress-mysql-database-after-moving-to-a-new-url/
Siteurl should be changed manually, editing site’s database table wp_options. Look for a record where option_name is equal to “siteurl“.
Note: Changing siteurl using wp-config.php values is not recommended in this case – database will remain infected.
Make sure .htaccess file is malware free – best way to do that is to replace its content with the default source code.