Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Thank you Steve! I believe I have done many of the points outlined, so my thinking was if anyone have experienced something similar and have any ideas?!
I believe I have found the issue and that it was a cross-site malware. I.e. my site was not infected but loaded a javascript from a third-party that caused the redirect.
What I did:
1. Downloaded the entire db and searched for script tag, eval and base64.
2. Removed all plugins and themes not used
3. Switched the theme to a fresh download
4. Upgraded WordPress and all themes and plugins
5. Downloaded a massive amount of files and searched the content of them for malicious code that could cause a redirect
6. Installed Wordfence and Security Ninja. Scanned and also made some security improvements.
6. Changed passwords
I came up with nothing! So I started looking in Chrome developer tools to see what my site loaded and from what domains. I then found a request to a third party server javascript. This request was actually most likely added by me once upon a time, for tracking web site stats. I now believe that this was infected and caused all issues.
So working theory is that my site was not infected in any way….