How to cleanup WP site from injected “sort.js”

How to spank the squirrels that injects shit in your WP site

- Login your dashboard,
- Rename root index.php to pause the website.
- Remove unrecognized administrator user.
- Remove `plugins/wp-cleansong` and find out any script that uses base64 encoding, probably is around in additional snippets plugin.
- Checkout if there is any plugin folder that isn't being shown in plugins list.
- Install malware scanner plugin and try to update your PHP above 7.4.
- and of course update the WP constantly