Site Hacked – Malware Injected

Hello

Thank you for contacting the support and sorry for the issues you faced.

We are extremely sorry that this happened. Please read here about the official apology statement and how we communicated to our users before the leak was available publicly:
https://www.facebook.com/groups/rankmathseopluginwordpress/permalink/576571766548487/?comment_id=576580039880993

That being said, what you are facing now can be resolved easily, IF Rank Math is the reason. Keep Rank Math disabled and follow these steps:
0. Take a complete backup of your site
https://wordpress.org/support/article/wordpress-backups/

1. Update all your plugins and themes to the latest version.

1.1 Optionally, opt for an auto-update by following this tutorial:
https://rankmath.com/kb/version-control/#auto-update

2. Update WordPress to the latest version and reinstall it.

3. Please enable the Rank Math plugin and if you have Rank Math’s redirection module active then re-check if all the redirections are correct here:

If not, then please delete the ones you do not recognize

3.1 Please make sure there are no unauthorized users registered on your website.
/wp-admin/users.php

3.2 Check the menu items and the links inside them and remove any unwanted links:

4. Install a malware scanner like Sucuri or WordFence and run a scan for checking if there are any suspicious files on your server. If you find any, remove them all.

5. Follow these setup tutorials to confirm if the settings are correct:
https://youtu.be/dTvZuMRzW4w
and
https://www.wpmediamastery.com/rank-math-seo/?utm_campaign=Rank+Math

6. Optional: We would recommend using Cloudflare if not already

7. If that doesn’t help, your site could be hacked due to one of the plugins listed here
https://www.webarxsecurity.com/wordpress-vulnerability-news-march-2020/

8. In that case, please ask your hosting to run a malware scanner and remove any unwanted files from the server. Change the password of all the users on your website. Change the salt keys on your website. Finally, follow these security measures:
https://mythemeshop.com/blog/wordpress-security-tips/

Please let us know how can we help you further. Again, we’re extremely sorry that this happened.

We are here to help. Thank you.

Hello Henry,

Sorry about that.

Like everyone else, we also advise you to always stay updated with the latest version.

You can opt for an auto-update by following this tutorial:
https://rankmath.com/kb/version-control/#auto-update

Hope that helps. Thank you.

Hello,

Please stay advised that the affected version was 1.0.40.2 and the latest build is 1.0.41.2, which is 3 versions higher (excluding beta releases).

Hope that helps. Thank you.

Hello,

Glad that helped.

All the steps are listed here:
https://support.rankmath.com/ticket/site-hacked-malware-injected/?view=all#post-40418

Thank you.