It seems like there are a lot of WordPress websites getting hacked lately. WordPress is vulnerable for a couple of reasons, with the first being the fact that something like 25% of all the websites on the internet are built on WordPress, so they are a tempting target. The second, is that all the plugins and themes, as well as WordPress itself have to be updated all the time to fix any vulnerabilities. If you don’t update your site, you make yourself an easy target for hackers.
Here is what I do when one of my sites gets hacked and some idiot takes over the homepage and posts something like “you have been hacked”
1) Delete all files from public_html
2)Delete database, and username from cpanel Mysql
3) copy all folders and files from the site backup on your computer to public_html through FTP
4) Create new database, User, and password in cpanel
5) import database from the backup sql file on your computer in phpmyadmin to the new database you just created.
6)Change database, user, and password in WPconfig.php file and ftp to public_html
The site should now be working
7) change password for website
8)change password for cpanel and FTP (probably the same)
9) Install “wordfence” plugin