Wordpress Malware Removal - CPanel possibly infected

**WordPress Malware Removal & Security Investigation** I need an experienced WordPress security specialist to investigate and completely remove a persistent malware/SEO spam infection from an existing WordPress website. **Website** * https://www.resolutiondoors.com * cPanel, SSH and WHM root access available. * Full backups available. **Symptoms** * Imunify reports database malware (`spam-seo.hidden_content`). * Hidden SEO spam links have been detected. * Cached pages previously contained links to gambling/spam websites. * Yoast SEO error logs reference external spam domains including: * marisawoodforcongress.com * mbdou9hm.ru * tipwin-bet.com * rosmolbizclub.ru * and several others. **What has already been done** * Restored website from backup. * Updated WordPress. * Updated all plugins. * Updated Divi. * Deleted spam posts that had been created. * Completely deleted and reinstalled: * WordPress core * All plugins * Divi theme * All themes * Only `wp-config.php` and `wp-content/uploads` were retained. * Cleared WordPress cache. * Exported the database and searched it for the known spam domains using `grep` — no matches found. * Searched the website files for the spam domains using `grep` — no matches found. * Despite all of the above, the malware/infection still appears to be present. **Additional Requirement** I am also concerned that the compromise may extend beyond this individual WordPress installation. The successful freelancer must therefore: * Check the cPanel account for any signs of compromise or persistence mechanisms. * Check for malicious files, backdoors, cron jobs, hidden users, shell scripts or other indicators of compromise. * Verify that **all other websites hosted under the same cPanel account** are clean. * Advise whether there is any evidence that the server account itself has been compromised rather than just the individual website. **What I need** * Identify the actual source of the infection. * Remove it completely. * Determine how the site was compromised. * Ensure there are no backdoors or persistent malware. * Verify that Imunify scans clean. * Verify that Google/SEO spam has been completely removed. * Check the integrity of the cPanel account and all websites within it. * Harden the WordPress installation and cPanel account against future attacks. * Provide a brief report explaining: * what was found, * how the compromise occurred (if identifiable), * what was cleaned, * and what recommendations you have to prevent it happening again. **Important** Please do not simply reinstall WordPress or run a generic malware scanner. That has already been done. I need someone with genuine experience investigating persistent WordPress malware, hidden SEO spam, server-side compromises, database injections and backdoors. I am a web developer myself, so I'm looking for someone with specialist WordPress security and malware removal experience rather than general WordPress development. Please begin your proposal by briefly explaining what you believe is the most likely cause based on the information above and how you would investigate it.