Many sites were hacked and injected with forwardmytraffic malicious script, despite using Wordfence. In most cases, there’s no admin access – wp-admin will forward to forwardmytraffic[.]com.
We’ve been fixing lots of sites lately, which have siteurl value changed to either:
To prevent further data loss, you should immediate backup your database & site files. If you’re unsure how to perform this action, contact your developer or hosting provider.
Second, you should revert the changes made on wp_options ( siteurl value ) & wp_posts ( malicious injections ) tables. In most cases, siteurl and home should be the same.
Wordpress forums, redirected to forwardmytraffic.com in database and alot of scripts : https://wordpress.org/support/topic/site-hacked-despite-wordfence/
Sucuri labs, Side Effects of the Site_url Hack: <a href=”https://labs.sucuri.net/?note=2018-11-20″>https://labs.sucuri.net/?note=2018-11-20 </a>
Cleanup plans: <a href=”https://www.magefix.com/pricing”>https://www.magefix.com/pricing</a>