Once again about malware | WordPress.org

With KSES, WordPress offers a function to clean up the HTML code in the frontend, i.e. only permitted HTML elements and attributes are displayed there. However, this is only used if the theme used and plugins that output in the frontend also use KSES. Improper programming of themes and plugins can lead to problems at this point. With a hacked website, you can also never be sure how KSES is affected. Anything can happen through such a hack, which is difficult to grasp and limit.

My recommendation would therefore always be not to try a cleanup first but to use a clean backup directly. The project should then be secured.

See also:
https://projectdmc.org/documentation/article/faq-my-site-was-hacked/
https://developer.projectdmc.org/advanced-administration/security/hardening/

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer