1-Complete scanning to find all malware from all locations including Files, Databases etc.
2- Complete removal of all malware from all [login to view URL] will fix the redirects & hacking issues.
3- Installation with correct configurations of security plugins, firewall and settings to avoid future threats (Settings include htaccess/files/folders protection, brute force attack protection, sql injection and many other aspects).
4- add security rules in htaccess file ? change wp admin URL.
ALL SECURITY SETTINGS TO HARDEN THE SECURITY.