When you have been hacked, there is only one safe way to deal with it: replace all the code with fresh code so that you are 100% sure there are no back doors left.
```bash
# First go to your server with SSH (placeholder login: use your own user and host)
ssh user@example.com
# Change to the WordPress install
cd ~/public
# Replace all WordPress.org repository plugins
wp plugin install $(wp plugin list --field=name) --force
```
This process can also be useful to those who have uploaded plugins over FTP and have old, unused code in their directories that was not overwritten during the upload process.
With Pro plugins, you will most likely have to do this process by hand. It will always be quicker to remove the old directory before uploading via the command line, as you can delete whole directories in one go. If you delete over FTP, each file and sub-directory is deleted separately before the parent directory, which takes much more time.
```bash
# First go to your server with SSH if you are not already there
# (placeholder login: use your own user and host)
ssh user@example.com
# Change to the plugins directory
cd ~/public/wp-content/plugins
# Remove the plugin directory by name
rm -rf plugin-name
```
Be very careful when using rm -rf: it means “force remove recursively everything below this point”.
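One way to put a guard around that rm -rf step, as an added example that is not part of the original page: the helper name `remove_plugin_dir` is hypothetical, and it assumes you pass your own plugins path (for example ~/public/wp-content/plugins) and the plugin's directory name.

```shell
# Added example: guarded replacement for a bare `rm -rf plugin-name`.
# remove_plugin_dir is a hypothetical helper, not a WP-CLI command.
# Usage: remove_plugin_dir ~/public/wp-content/plugins plugin-name
remove_plugin_dir() {
    plugins_dir=$1
    name=$2

    # Reject empty names, "." / "..", and anything containing a slash.
    # An empty name would make the target the plugins directory itself.
    case $name in
        ''|.|..|*/*)
            echo "refusing: invalid plugin name '$name'" >&2
            return 1 ;;
    esac

    # Resolve the plugins directory to an absolute, physical path.
    base=$(cd "$plugins_dir" 2>/dev/null && pwd -P) || {
        echo "refusing: no such directory '$plugins_dir'" >&2
        return 1
    }
    target=$base/$name

    # A symlink in the plugins directory is unexpected after a compromise;
    # leave it in place for manual inspection instead of deleting it.
    if [ -L "$target" ]; then
        echo "refusing: '$target' is a symlink" >&2
        return 1
    fi
    if [ ! -d "$target" ]; then
        echo "refusing: '$target' is not a directory" >&2
        return 1
    fi

    # "--" ends option parsing, so nothing after it is read as a flag.
    rm -rf -- "$target"
}
```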