Before following the below steps check your website on below link whether your site hacked or not.
Another method to check whether your site is hacked or not
- Can you login to your WordPress admin panel?
- Is your WordPress site redirecting to another website?
- Does your WordPress site contain illegitimate links?
- Is Google marking your website as insecure?
Follow below steps to maintain your site.
- Keep a full backup of your website files, assets and database.
- keep all your articles in a Word Document format and date them and keep detailed notes of the images that are attributed for each post and the URL used for each post along with the categories and tags.
The process of cleaning a hack is fairly basic.
- Take your site offline temporarily.
- Run a security scan of your computer, network, web server
- Change all passwords
- Backup your wp-config.php file and wp-content folder
- Get a fresh install of WordPress and theme and plugins
- Manually check the files and assets in your wp-content folder, especially the uploads folder. Check the images for hidden code in the actual image. If all checks out upload them to your new WordPress installation.
- Check your database locally on a local web server for any funny business. Scan it using several security plugins like Wordfence Security, iThemes Security (formerly Better WP Security), Anti-Malware Security and Brute-Force Firewall.
- You should install the following free plugins on your website: Sucuri WordPress Auditing and Theme Authenticity Checker (TAC).
- Check the database for users that shouldn’t be there.
- If the database checks out the upload to your web server.
- Again, make sure to change your user credentials for all access points, Hosting, FTP, Email, Database credentials, your website credentials etc
- Scan everything again.
- Check user permission
- Change your secrets keys
- Change your passwords again
Then try and figure out how did you get hacked. If all else fails or this is to complicated, then hire a pro.