Redirect hacks, which make a site jump to another site (often a malicious software download, a fake e-commerce site, or a page that asks you to click through a robot-verification prompt), do not only tamper with files; they also reach into the database.
Here are some examples of malware tampering with the database and how to deal with them.


Example of redirect hack tampering: wp_option (settings-related database)

Many of these cases exploit vulnerabilities in the way a theme or plugin stores its settings to write malicious code into those settings, which is then executed when the site is displayed.
The attacker plants the malicious code in settings data, for example in the copyright notice at the bottom of a WordPress site.
The tampering code looks something like the following:

<script type="text/javascript">eval (String.fromCharCode(118,97,114,32,115....

In many cases the tampered data is serialized (an array represented as a string), so if you remove the tampering with a database tool such as phpMyAdmin, the array data is corrupted and the data itself becomes invalid, which makes removal difficult.

Free plugin to investigate and remove WordPress malware, including database tampering:
[Free] WordPress: Malware Scan & Security Plug-in [Malware and Virus Detection and Removal]

This plugin can also repair serialized data (removing the malware) while preserving the array structure.
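
The corruption described above comes from the byte-length prefix that PHP's serialized format puts in front of every string (s:<length>:"..."). The Python sketch below is an added example, not code from the plugin or from WordPress: it parses a constructed option value, strips script elements from its string values and writes the array back with recomputed lengths. The sample data, the malware.invalid URL and all function names are assumptions, and only arrays, strings and scalar types are handled.

```python
import re

# An inline or external <script> element, the two injection forms this page shows.
SCRIPT_RE = re.compile(rb"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def parse(buf, pos=0):
    """Parse one PHP-serialized value at buf[pos:]; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag in (b"i", b"b", b"d", b"N"):           # scalars are kept verbatim
        end = buf.index(b";", pos) + 1
        return (buf[pos:end],), end
    colon = buf.index(b":", pos + 2)              # end of the length/count field
    n = int(buf[pos + 2:colon])
    if tag == b"s":                               # s:<byte length>:"<bytes>";
        start = colon + 2
        if buf[start + n:start + n + 2] != b'";':
            raise ValueError("string length prefix does not match its content")
        return buf[start:start + n], start + n + 2
    if tag == b"a":                               # a:<count>:{<key><value>...}
        pos, items = colon + 2, []
        for _ in range(n):
            key, pos = parse(buf, pos)
            val, pos = parse(buf, pos)
            items.append((key, val))
        return items, pos + 1                     # step over the closing }
    raise ValueError("unsupported type tag %r" % tag)

def dump(v):
    """Serialize again; string length prefixes are recomputed from the bytes."""
    if isinstance(v, list):
        return b"a:%d:{%s}" % (len(v), b"".join(dump(k) + dump(x) for k, x in v))
    return b's:%d:"%s";' % (len(v), v) if isinstance(v, bytes) else v[0]

def clean(v):
    """Strip script elements from string values; keys and scalars are untouched."""
    if isinstance(v, list):
        return [(k, clean(x)) for k, x in v]
    return SCRIPT_RE.sub(b"", v) if isinstance(v, bytes) else v

def clean_option(raw):
    return dump(clean(parse(raw)[0]))

# Constructed sample: a theme settings array whose footer text carries an injection.
INJECTED = b'<script type="text/javascript" src="//malware.invalid/x.js"></script>'
SAMPLE = dump([(b"footer", b"(c) Example Inc." + INJECTED), (b"width", (b"i:960;",))])

if __name__ == "__main__":
    print(clean_option(SAMPLE))
```

Deleting the script from the same value as plain text leaves the old length prefix in place, which is why parse() rejects the hand-edited string. On a real site, match the specific injected string rather than every script element, since some settings legitimately hold scripts.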

Example of redirect hack tampering: wp_contents (text content of posts)

The tampering code in this case is either the same eval (String.fromCharCode) script as above, or an external malicious script embedded directly, as shown below.

<script type="text/javascript" src="//URL to malware JS"></script>

In this case a very large amount of database content may be infected. To remove the infection, use a plugin such as Search Regex to replace the content strings in bulk.

This type of tampering can also be caused by theme or plugin vulnerabilities, and in more serious cases administrator privileges may have been seized or the database login credentials may have been leaked.
After removing the tampering, it is advisable to change the administrator's password and the database password as security measures.

*We recommend that you back up the database first before modifying its configuration contents.
