The WordPress site that was hacked is www.avmsingers.org
We assume it was a pharma hack, but cannot find the lingering elements of the hack, after having removed the malicious code from wp-config.php (hacked insertion that was removed is attached)
The client's Google search
results was the initial alarm for this situation
The offending Redirect to pharma/spam sites cannot be found with Wordfence or other scans, see:
The wp-options table in the db seems fine.
Can anyone Help with finding the appropriate source of the virus within the site that we need to edit out?
(or what next steps to help debug removal of this hack)
Thanks in advance!