I manage ten WordPress sites that were recently hit with malware causing persistent pop-ups and unwanted redirects. Although I already run a couple of security plugins, they are only partially effective—scans flag issues but the infections keep coming back. What I need now is a thorough, manual clean-up of every site, followed by hardening steps so the problem doesn’t resurface. Please remove every malicious script, backdoor, or rogue file, verify core files and database integrity, and make sure search engines no longer flag the domains. A concise report for each site outlining what was found, what you removed, and the security measures you applied will be the final deliverable. If you are comfortable digging into WordPress file structures, databases, and .htaccess rules—and you know how to keep legitimate functionality intact—I’d like to hear your plan and estimated turnaround time.