I also confirmed that the SERP link was actually to mctb.org but can't be certain of that
spammed the back history so badly
Initially the most probable thing would probably just be malware on someone else's computer/and-or issues with HTTPS on that page (not always on by default for me).
Given the evidence above it is a lot more likely to be a compromised machine or plugin.
I recommend:
1) Updating WP and all the plugins.
2) Install the plugin really-simple-ssl (the page is not SSL by default for me).
3) Installing the plugin wp-cerber, and configuring it. This is a free security plugin for WP that can run scans and quarantine certain malicious objects. I believe it also has a setting to try to prevent cross-site scripting, and it offers automated IP blocking and some DDoS protection.
4) Checking the WP admin to see what users exist. I have seen compromised WP sites with many fake users. Disable any you don't recognize.
Look for comments on pages that shouldn't exist or anything else weird/possibly injected.
5) Experiment with disabling all the potentially compromised plugins one-by-one.
6) Get someone to help look at this at the server level. See if the Apache logs are still logging and if they record what is happening specifically with the redirects.
I would guess a WP/plugin vulnerability was taken advantage of and something was injected somewhere in the WP database that shouldn't be there.
It is not very likely but there could be something like a corrupted .htaccess file or some weird Apache settings.
I have seen cases where a WP link accidentally forwards to a malicious IP due to a malformed url somewhere, like something ending in "com.com."
Check the WP salts!
Worth checking for any other signs of intrusion.
7) Have someone harden server security settings in Blue Host (ports open, is the DB on another server/is that publicly accessible, etc).
Work out who has SSH access.
Make sure there is no access with just an easy password.
No harm in installing things like fail2ban (more IP blocking for malicious login or ssh attempts) and ClamAV (free antivirus scanning, runs on Linux).
8) Consider migrating the site.
It is not totally helpful to do this without knowing what the problem is (don't want to bring it with you). On the other hand, a once compromised server is hard to trust.
-SG