My WordPress site has been taken over by malware that now affects every single page and the admin area alike. The infection appears to have slipped in through a suspicious plugin or theme, and I have not tried any cleanup steps yet—so you’ll have full access to tackle the problem from scratch. Here’s what I need: • Identify every malicious file, database entry, or backdoor, remove them, and restore full functionality without breaking design or content. • Patch or replace the compromised plugin/theme so the same exploit cannot be used again. • Implement best-practice hardening (secure wp-config.php, correct file permissions, disable unnecessary XML-RPC endpoints, etc.) and set up an automated scanner such as Wordfence or Sucuri for ongoing monitoring. • Provide a brief post-clean report summarising what was found, what was fixed, and any recommendations to keep the site secure. Access to the hosting panel, FTP/SFTP, and the WordPress admin will be supplied as soon as we start. Once the site is clean and loads without security warnings for 24 hours, the job is complete.