site redirecting

Our site was redirecting to a hacker website. I talked to tech support with our hosting company (InMotion Hosting) and he felt the redirection was coming from the database, although he could not find the code in the database. He was able to make a change in the wp-config file that stopped the redirection. And he told me to run a scanner to find the infection. I installed Defender and it didn't find the issue. I installed Wordfence and it didn't find the infection either. Do you have any ideas? Should Defender have found the issue? Any help would be greatly appreciated.