My WordPress website got malware and redirects to spam websites. What can i do?

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

@macmanx thanks for your reply

i did follow the guide but it did’t solve my problem and for the security measures i don’t have shell access to my server and i don’t have the .htaccess file in my file manager and i did toke a backup from my backup section in my cpanal can i consider it a good backup?

A cPanel backup is a fine backup, but do you have one from before the incident?

@macmanx no i don’t have any backup before

Ok, then making a backup now won’t do you any good. The whole point is to keep recent backups on hand so you can just restore from a pre-incident backup.

Have you contacted your hosting provider’s support about this yet?

@macmanx i have a problem with my hosting provider it’s a privet hosting so contacting the support team is quite difficult.
is there any other recommendation solution you can help me with? it’s rely frustrating i never had any thing like this happen

I mentioned contacting them because they’d be the most equipped to help you.

If they won’t help, and if you tried everything outlined in the earlier guide already, then the only other alternative is to hire someone that specializes in cleaning hacked WordPress sites, like https://sucuri.net/

will it make a deterrent if i re-install WordPress?

@ieman1991 not really because they aren’t attacking your core WordPress files but rather the more vulnerable plugins and themes. and if your site_url/home values in wp_options is being changed (causing the redirect), then it is probably due to a vulnerable plugin that you have.