javascript php security firewall malware

How to remove JavaScript malware in a WordPress site


This is my site - (redacted site URL with malware from an XSS exploit - for security reasons)

I created this website in WordPress and suddenly realized there was malware on my site after Google Ads stopped and warned me.

Below is the malware found by Sucuri SiteCheck.

<script type="text/javascript" src="//go.oclaserver.com/apu.php?zoneid=1903718"></script>

<script type="text/javascript" src="//go.oclaserver.com/apu.php?zoneid=1903718"></script>

All my other WordPress websites got the same malware, but my hard-coded sites don't have any malware. I want to know what is causing this malware to come back again and again, even after I reinstalled WordPress so many times. I also want help removing the malware and keeping it from coming back.

Please help me.


Solution

  • Learn more about Cross-Site Scripting here: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

    WordPress is commonly susceptible to XSS attacks in the form of comments, various plugins, lack of good security hardening practices by WordPress administrators, and even ads from Google and other ad vendors.

    Your specific issue from Sucuri Site Check states:

    Malware entry: rogueads.unwanted_ads
    Description: Various malicious injections that result in displaying ads (or opening pop-up or pop-under windows) without site owner's consent. Such injections may utilize scripts from legitimate ad networks

    You should probably attempt to figure out the source of the exploit and fix that. Your best bet is security.stackexchange.com or, since it's WordPress, wordpress.stackexchange.com.
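
A starting point for locating where the injected tag is stored, added here as an example and not part of the original answer: it scans WordPress files and database dumps for script tags that load from hosts outside an allow-list, including protocol-relative URLs like the one Sucuri reported. The allow-list hosts and the sample markup are constructed assumptions.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# <script ... src=...>, tolerating the \" escaping found in SQL dumps.
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*\\?["']?([^"'\s>]+)""", re.I)
TEXT_SUFFIXES = {".php", ".html", ".htm", ".js", ".sql"}
# Assumption: hosts this site is expected to load scripts from (placeholders).
ALLOWLIST = {"example.com", "googleapis.com"}

# Constructed sample: theme markup with the tag from the question appended.
SAMPLE = """<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script type="text/javascript" src="//go.oclaserver.com/apu.php?zoneid=1903718"></script>
"""

def script_host(src):
    """Host a script src loads from, or None for same-origin/relative paths."""
    src = src.rstrip("\\").replace("\\/", "/")   # undo dump escaping
    src = "https:" + src if src.startswith("//") else src  # protocol-relative URL
    try:
        host = urlsplit(src).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def allowed(host, allowlist):
    return any(host == a or host.endswith("." + a) for a in allowlist)

def scan_text(text, allowlist=ALLOWLIST):
    """Return (line_no, host) for every script tag loading from an unlisted host."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in SCRIPT_SRC.finditer(line):
            host = script_host(m.group(1))
            if host and not allowed(host, allowlist):
                hits.append((no, host))
    return hits

def scan_tree(root, allowlist=ALLOWLIST):
    """Scan theme/plugin files and SQL dumps under root; return (path, line, host)."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits += [(str(path), no, host) for no, host in scan_text(text, allowlist)]
    return hits

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

Run `scan_tree` against both the `wp-content` directory and an exported database dump, since a hit in only one of them narrows down where the tag is being stored.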