So I have a client that has a site that was apparently hacked, but we aren't sure when or how it happened. We have Wordfence premium on there but can't find the problem. Unfortunately she uses Wishlist Member which is encrypted so we can't see if those files are corrupted.
Anyway the hack makes it so only mobile visitors get redirected, but they are getting redirected to porn sites.
I was wondering if anyone had any advice on how to remove such a hack since we have already been scanning the site with Wordfence and the only questionable content that comes up are the encrypted files for her premium plugins, which we have actually gone ahead and overwrote with the latest version.
All themes and plugins and wordpress are up to date, but the redirect is still happening. I have also verified the .htaccess is clean too.
Thanks so much for your help.