1- Update your website!
If you are using any CMS ( Content Management System), it needs to be updated to the latest version. Why you ask? The fact is out-of-date software is the leading cause of infections. This also includes your plugins, themes, and any other extension type your CMS uses.
2- Change your passwords
Change the passwords related to your website: FTP, cPanel, WP-admin, etc. They could have been compromised and we do not want you to be reinfected because the attackers can still come back in through them.
Also, when changing passwords, esure you choose strong password. What often defines a good password is built around three core components – Complex, Long, and Unique. Using a Password Manager, so you do not have to remember them all in your head, is encouraged.
*Password Tip: Start using a password manager like: Peguta or LastPass. They're online and free.
3- Change your database password.
If your site accesses a database change your database password. Please be sure to update your configuration file. This is not an automated process so you will need to know how to open those files and edit manually. If you are not familiar with how to do this you can contact our support team.
4- Run a virus scan on your personal desktop/laptop.
In a several cases websites are compromised due to a desktop malware that steal credentials. It's why we always suggest you run an antivirus product. There are multiple options that you can choose, including BitDefender, Norton and Sophos. We also recommend looking at additional tools to protect your desktop, like Malwarebytes (Windows and Mac) and CleanBrowsing (DNS-based).
5- Do some spring cleaning.
Old/Compromised installations of content management systems, themes or plugins. Over time these old/compromised installs become forgotten but grow ripe with malware that’s ready to infest their entire site after each clean.