Restore Hacked Corporate Website

My Wordpress built website was recently hacked and is now offline. Both the public-facing files and the underlying database were compromised, so I need a full clean-up and restoration that brings the site back online safely and keeps it that way.

Here is what I know so far: • The intrusion affected core files and the database tables; malicious code and unknown users may still be present. • I do not have a confirmed recent backup, so part of the job is to inspect any server-side snapshots or hosting backups that might exist, validate their integrity, and use the best source to rebuild the site. • The platform/CMS is standard for a corporate site (PHP, MySQL on cPanel hosting). No custom server modules—everything runs over Apache with common extensions.

Deliverables I need from you:

1. Complete malware removal and file clean-up, including hidden backdoors.
2. Database sanitisation, repair of corrupted tables, and restoration of legitimate records only.
3. Verification that the site loads correctly, with all corporate pages and forms working as before.
4. Post-recovery hardening: update core, plug-ins, and dependencies; change salts, keys, and passwords; set proper permissions; and install a security plugin or WAF ruleset to monitor future threats.
5. A short report summarising what was compromised, what you removed, and the preventive measures put in place.

I will give you full FTP, cPanel, and wordpress admin access as soon as we start. Please outline your approach, estimated timeframe, and any specific tools you prefer to use (e.g., ImunifyAV, Wordfence, MalDet, or custom scripts). I’m ready to hire immediately and will stay available to provide information or test pages as you work.

I have uploaded a photo of what the website shows when you try load it. Budget: AUD 20–50 Skills: PHP, Web Security, WordPress, MySQL, HTML, Web Development, Database Management, cPanel