Hello @qut1 and thanks for reaching out to us!
You will most likely need to clean the site.
You have some options to help:
1) You can clean the site yourself by following the steps in this guide:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
https://www.wordfence.com/help/scan/scan-results/
Useful links after you have completed your cleaning:
https://www.wordfence.com/blog/2017/04/20-minutes-to-secure-wordpress/
https://www.wordfence.com/blog/2018/10/php5-dangerous/ (important note – this is an old blog post from October 2018 but still very relevant)
https://www.wordfence.com/blog/2018/10/three-wordpress-security-mistakes-you-didnt-realize-you-made/
https://www.wordfence.com/blog/2017/06/wordpress-backups/
We also have an extensive Learning Centre here:
https://www.wordfence.com/learn/
In a recent episode of Wordfence Live, Chloe, a lead threat analyst here at Wordfence, performed a site cleaning Live. This might help you go through the steps of cleaning your site:
https://www.youtube.com/watch?v=LYfg7iLbSlE&t
2) You can hire a professional service to clean the site for you. Wordfence offers such a service, as do others.
This should remove the redirect for you!
Thanks again!
