Related article – How to check WordPress for malicious codes?
Related Article – 25 Best WordPress Security Practices
Searching for terms and phrases on a search engine
If you’re able to find any term in the code i.e. any element or any function name that is offbeat, then you can search it on Google or DuckDuckGo and analyse from the search results if the file has been infected or not.
Examine the Raw Access Logs on the hosting cPanel
If you’re able to determine what all files the hackers were looking for (i.e. watch out for POST statements in log files), then it can give you a hint as to what has been compromised. Then using reverse IP lookup, you may be able to seek the location of the hacker.
Check for plugins and themes
Sometimes, the old plugins and themes often become the reason for a security breach on your WordPress website. Some of the vulnerable areas can be older versions of Gravity Forms, Revolution Slider, timthumb.php script in a theme or plugin etc. These must be properly updated or configured in order to secure your WordPress website.
There can be hidden admin users and other potentially hacked content available on your WordPress website’s database. Before modifying the database, it is recommended to perform a secure and clean backup of the database.
wp_dequeue_style( ‘default-css’ );
wp_dequeue_script( ‘default-js’ );
Reinstalling of Plugins and Themes
As WordPress majorly uses themes and plugins as building blocks for its website, hence it is advised to re-install the plugins from the premium plugin developer. You should not install old plugins or plugins which are not maintained. The themes can be re-installed from a fresh download. If there were any modifications done then it can be referenced from backup files and the changes can be replicated on the fresh copy of the theme. Advise is to not upload old theme as the hacked files may not be identifiable to you.
Re-installing the WordPress
Scanning The PC
Install and Run Security Plugins
Tracking POST request on your cPanel
If this feature is not turned on, you can enable it using the archiving feature of Access logs in the cPanel of WordPress.