I meant to state “former” and not “latter”. That has been corrected above. The explanation that I sent to you via email has been posted below as it may be helpful for someone else in this same situation.
Hackers typically place files and/or code all over the place (in WP Core files and elsewhere under a hosting account) so that when you do something like reinstall WordPress, another file with additional hacker code in it, typically wp-config.php, wp-blog-header.php, index.php, etc. automatically reinfects the site again. So the most logical explanation for why just reinstalling WordPress worked is you already removed the hacker files that automatically reinfect the site and the only hackers files/code left over, existed somewhere in WP Core files. When I used to dehack websites I would first take the site offline to prevent reinfection while finding and removing the hacker files that reinfect the site and then finally replace all standard WP Core files.
- This reply was modified 1 day, 10 hours ago by AITpro Admin.
- This reply was modified 1 day, 10 hours ago by AITpro Admin.
- This reply was modified 1 day, 10 hours ago by AITpro Admin.