Pop-up ads have suddenly started showing across my WordPress site, a clear sign something malicious slipped in. I have full admin access and haven’t added any new plugins or themes recently, so the infection likely crept in through another vulnerability that now needs to be tracked down and eliminated. Here’s what I need: • A thorough scan of all core files, themes, plugins and the database to locate every malicious snippet or injected script. • Complete removal of the malware and any backdoors, followed by file integrity verification. • Hardening measures—up-to-date security plugins (Wordfence, Sucuri, or your preferred tool), secure permissions, and recommended .htaccess or wp-config tweaks—so the problem doesn’t reappear. • A brief report summarizing what was found, what you fixed, and any further steps I should take to keep the site safe. Once the pop-ups are gone and the site is clean and loading normally again, the job is done.