My WordPress site has been flagged for malware, and Google Ads has stopped all campaigns until the infection is fully cleared. I’ve already spotted a few suspicious files and snippets of injected code, but I need a seasoned WordPress security pro to finish the job properly. Here’s what I expect from the engagement: • A deep scan of the entire installation—core, themes, and plugins—to identify every malicious file, redirect, or script. • Complete removal of viruses, trojans, backdoors, and any other malware you uncover. • Restoration and verification of clean core files, with all themes and plugins safely updated. • Hardening measures (firewall rules, login protection, file-permission tightening, etc.) so the problem doesn’t return. • A concise cleanup report listing what you found and removed, plus recommendations for ongoing security. • Final confirmation that the site passes Google Ads malware review and loads normally for visitors. If you regularly work with tools such as Wordfence, Sucuri, MalCare, or similar, that’s a plus—use whatever stack you trust to deliver a clean, secure result. The project wraps when Google lifts its restriction and the site runs smoothly without any warnings.