My WordPress site has been hit by malware that is forcing unauthorized redirects, throwing up suspicious pop-up ads, and slowing everything down noticeably. At the moment the installation is running without any dedicated security plugin and, to make matters worse, there is no recent backup I can roll back to. I need a specialist who can: • Identify and remove every trace of malicious code, hidden backdoors, and infected files. • Patch core, theme, and plugin vulnerabilities and close common entry points. • Install, configure, and document a reputable security plugin so I can monitor future threats myself. • Set up an automated off-site backup routine since I currently have none. Acceptance criteria 1. All redirects and pop-ups are gone, and site speed returns to normal. 2. A clean-scan report from at least one industry tool (e.g., Wordfence, Sucuri) shows zero infections. 3. Security plugin and backup solution are active, tested, and their settings explained to me in a short hand-off note. I will supply full hosting and WordPress admin credentials right after project award so you can get started immediately.