If you suspect that your WordPress website has been hacked, here are some steps you should take to address the issue:
Quarantine your website(s): Take your website(s) offline or restrict access to it immediately to prevent further damage.
Scan your website: Use a reputable malware scanner, such as Sucuri or VirusTotal, to scan your website for any malicious code or files. This will help you identify the extent of the damage and the specific areas that need to be cleaned up.
Change your passwords: Change all your website’s login credentials, including your CMS, hosting, FTP, and database passwords. Use strong and unique passwords to prevent future attacks.
Restore from a backup: If you have a recent backup of your website, restore it to a clean version of your website. This will remove any malicious code or files that were injected into your website.
Update your website: Make sure all your website software, plugins, and themes are up to date. Hackers often exploit known vulnerabilities in outdated software to gain access to websites.
Install security measures: Install security measures such as firewalls, anti-virus software, and SSL certificates to prevent future attacks.
Monitor your website: Regularly monitor your website for any suspicious activity or changes. Set up security alerts to notify you of any unusual activity.
Request a review from Google: If your website has been flagged as unsafe by Google, request a review once you have cleaned up your website to have the warning removed.
If you are not comfortable with these steps, consider hiring a professional website security company to help you clean up your website and implement security measures to prevent future attacks.