Question posted in 
Someone is changing my wordpress site URL to their ad spam URL. I changed it from php my admin and it was fixed, the hacker inserted a java script to every wordpress post and pages to redirect all posts and pages to their ad page, I deleted all of them. Then I installed wordfence security plugin, scanned the entire website, found some malicious codes and deleted everything. Then I changed my cpanel and wordpress password. I am using my own VPS so I also changed my root password, but still just after 12-24 hours, I can see that the wordpress site URL has been changed. I fix it and again it becomes changed.
I have mentioned what I have done, what else I can do to prevent this? Please any suggestion will be appreciated…
2
Answers
Your website has most probably been exploited, and the exploit is still active, as a backdoor for that Hacker..
I would check the access logs for your web requests, and especially POST requests!
which might show where is the hacker logging in via.. some Theme or Plugin that was exploited most probably.
If your web host does daily backups, it might even be worth reverting back to previous days to remove any changes… — remember if you revert back any posts/changes from that day onwards will disappear.