- Determine the date of the attack and restore your site to a backup point prior to that date.
- Hire a third-party service to clean up your site because it is difficult for someone who is not a WordPress security expert to find and remove all traces of an attack.
- Manually delete suspicious files on the server and delete any database tables that are not core WordPress.
- Change your hosting password, your WordPress admin password, and your database password.
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.