Why were you hacked?
This is a good question, and one that needs some serious thought before you begin cleaning your account. Sites can be hacked for a number of reasons, but we'll touch on the most common reasons here so you can address them.
1.) Login and Password that aren't strong enough.
Admin and Pass are NEVER strong passwords. Never use passwords that someone can guess. Always use passwords that are strong, include special characters and numbers. If you need help with generating a password, we recommend using this password generator: https://identitysafe.norton.com/password-generator
2.) Old and outdated sites.
Please be sure to always keep your sites updated, especialliy if you are using Wordpress. You'll want to be sure to drop into your admin area and update any time a new version is out. By using the latest software, you can be sure any security holes are patched.
3.) Poorly written or outdated Wordpress plugins or themes.
THIS IS THE SINGLE BIGGEST PROBLEM WITH SITES THAT HAVE BEEN HACKED RECENTLY
Please read this carefully as we can't stress this enough. Plugins and themes have been the single biggest problem for users accounts. NEVER use a plugin or theme that is written by 'fly by night' plugin creators. Usually these plugins are made to 'just work' and they are written so poorly that they can be exploited by a hacker within a few seconds.
NEVER use a plugin or theme that doesn't receive normal updates.
NEVER use a plugin or theme that the vendor is no longer available for support.
NEVER use a plugin or theme that you don't know specifically what it's purpose is.
Plugins and themes have direct access to your site's coding, and if they are exploited, hackers can travel through your entire cPanel account and do what they please with it.
What to do if you have been hacked?
In most cases, you can clean your account, remove any malicious files, and secure your site by running through these steps. However, if your account has been extremely hacked and the hackers have had a long time to do what they please with your account, then it may be impossible to remove all 'backdoor' scripts in your account and the only course of action is to completely delete your hosting account.
To attempt to clean your account, the following steps have to be done to ALL sites within your ENTIRE cPanel:
1.) Update Wordpress software to the latest version.
2.) Update all plugins, and remove any that you are not using. REMOVE all plugins that meet critera above in 'why were you hacked'
3.) Update ALL themes, and remove any that you are not using. REMOVE all themes that meet critera above in 'why were you hacked'
4.) Change your Wordpress Admin login to a strong, secure password.
5.) Install Wordfence plugin from the Wordpress plugin repository and run a FULL scan of site, plugins and themes.
To run a full scan within Wordfence, go to Wordfence -> Options -> Scans to Include and select the following:
-Scan theme files against repository versions for changes
-Scan plugin files against repository versions for changes
-Scan files outside your WordPress installation
-Scan image files as if they were executable
Please see this pic for a visual:
Unfortunately, we can't provide site-cleaning services and can't run these steps on your behalf, but we can try to assist if you run into any problems.
If at any point we determine that your account is a safety issue for our customers and/or servers, we may have to immediately suspend and or remove your account from our servers per our terms of service.