Limit exposure
Contact the host, put the site into maintenance when necessary, and stop sensitive transactions. Do not trust a merely normal-looking page.
Preserve a copy
Keep available files, database, and logs before cleanup. They help reveal scope and prevent the same entry point from returning.
Rotate access
Change passwords from a clean device, revoke unknown accounts, rotate keys, and inspect email, domain, and hosting access.
Clean, then correct the cause
Restoring a backup is insufficient when a vulnerable plugin, compromised account, or configuration remains. Then verify the site, search engines, and critical journeys.
This guide provides a general starting point. A diagnosis must account for the actual site, access, data, and constraints before any change.