My WordPress homepage renders perfectly for human visitors, and both Sucuri and WordFence report a clean bill of health. However, GoogleBot and other crawlers are still being served an Indonesian casino site, so I clearly have a cloaking problem that survived my initial cleanup. Here’s what I’ve already done: • Removed the obvious hack, including malicious plugins and files. • Manually cleaned and rebuilt the .htaccess file. • Reviewed core and theme PHP files for suspicious code. What I need from you: 1. Identify and remove the remaining cloaking mechanism—whether it’s hidden in the database, obfuscated in a core file, or injected at the server level. 2. Verify that Google, Bing, and common SEO tools all see the legitimate homepage once the fix is applied. 3. Provide a brief summary of what you found and the exact steps you took, so I can prevent a recurrence. I have full cPanel, SSH, and WordPress admin access ready. If you have solid experience tracing stealth malware, conditional redirects, or SEO spam in WordPress, this should be a focused job rather than a full rebuild.