If you find evidence of a hack, start a site recovery process

Some key steps:

1. Update plugins, themes, core WordPress to most recent versions
2. Remove extraneous logins from WordPress and hosting (old developers, past employees, etc.,)
3. Reset all passwords in WordPress and hosting account. This means forcing a password reset request for all users.
4. Make sure all accounts in WordPress and hosting still have your emails or emails you recognize associated with them. Delete ones that don’t.
5. Install security scan plugins one at a time, then deactivate and delete them, one at a time. Make a note of any issues uncovered.
6. Talk to a good dev resource about cleaning up any other issues. For example, free contact form plugins can have
7. Create additional layers of authentication for CMS access to prevent brute force attack break ins.
8. Remove any found pages through a Google search or internal site search and ask Google to not count them in GSC.