My WordPress sites were hacked :0(

I serve a couple of WordPress sites. These were hacked on Sunday (2018-08-12).

The symptoms of the hack were:

  • The <head> element of the page is dynamically altered to include a call to polonofiex.ga/sim.js
  • This script redirects the browser window to an adware site, and creates a cookie to avoid reentering the adware site for some period of time.
  • polonofiex.ga/sim.js is the result of a call to src.eeduelements.com/get.php. I surmise the indirection is so that different sites can be used to host the “sim.js” code.
  • The src.eeduelements.com/get.php reference is inserted through a corrupted jQuery.js: cdn.eeduelements.com/jquery.js?ver=1.0.9
  • You can find this in your theme header.php files.

I cleaned one of the sites (the much more complex one) by blowing away the directories, unpacking a clean WordPress, overwriting with selected files from a copy of the old tree for media, and re-installing the plugins. I installed Wordfence to beef up security. Note, I left the database in place.

I cleaned the simpler site by installing Wordfence and running a scan. This repaired a core file (header.php) infected with the jquery change. I deleted and re-installed my theme. Time will tell whether the infection re-appears, but I’m hoping Wordfence will help.
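
An added example, not part of the original post: a shell check that searches a WordPress tree for the three hostnames listed in the symptoms above and lists the external script hosts referenced from header.php files, so a re-infection shows up on a re-run. The function names and the sample tree are constructed for illustration, and it assumes the injected reference appears as a `<script src=...>` tag.

```shell
#!/bin/sh
# Added example: re-check a WordPress tree for the indicators named in the post.

# Hostnames taken from the symptom list above (dots escaped for grep -E).
INDICATORS='polonofiex\.ga|src\.eeduelements\.com|cdn\.eeduelements\.com'

# scan_wp_tree DIR: print "file:line:text" for every line in a PHP/JS/HTML file
# that references an indicator host. find's exit status with "-exec ... +" is
# not a reliable hit/no-hit signal, so callers should test the output instead.
scan_wp_tree() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.html' \) \
        -exec grep -HnEi "$INDICATORS" {} + || true
}

# external_script_hosts DIR: unique hosts of absolute or protocol-relative
# <script src=...> URLs in any header.php, for review against what the theme
# is expected to load. Assumes the reference is written as a script tag.
external_script_hosts() {
    find "$1" -type f -name 'header.php' -exec cat {} + |
        grep -Eio "<script[^>]*src=[\"'](https?:)?//[^/\"']+" |
        sed -E 's#.*//##' | tr 'A-Z' 'a-z' | sort -u
}

# Constructed sample tree: one clean theme and one carrying the injected tag.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/clean" "$d/wp-content/themes/infected"
    printf '%s\n' '<head>' \
        '<script src="/wp-includes/js/jquery/jquery.js"></script>' \
        > "$d/wp-content/themes/clean/header.php"
    printf '%s\n' '<head>' \
        '<script src="//cdn.eeduelements.com/jquery.js?ver=1.0.9"></script>' \
        > "$d/wp-content/themes/infected/header.php"
    echo "$d"
}

# Demo run on the constructed tree; point the functions at a real docroot instead.
sample=$(make_sample_tree)
echo "Indicator hits:"
scan_wp_tree "$sample"
echo "External script hosts in header.php files:"
external_script_hosts "$sample"
rm -rf "$sample"
```

Because the post's cleanup left the database in place, a clean result from this file scan says nothing about content stored there.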