Hacked

Hello,

I was notified by Hostgator last week that all the sites on my shared hosting plan were taken offline because of malware.

I started to sift through my sites and they seemed to all have the same malicious folders that even after deleted would re-upload.

I didn’t realize but I had the old WordPress default themes on a bunch of my past and abandoned sites so I deleted them.

The malicious files that I kept on seeing did not seem to re-appear for more than a day when they were previously being re-uploaded about twice a day so I thought I was safe and got rid of the problem.

But I was wrong.

Approximately an hour ago, I got a notification from Wordfence that an admin user was created and logged in.

I immediately logged in via my admin and deleted the user but it was clearly too late.

When I accessed my website the page was showing some pop-up with my site totally gone. I do not know if it was malware or a virus but it seems it re-directed users to this malicious domain.

In fear of harming my other sites, if not already injected, I immediately deleted the entire website that got hacked as I was not really using it.

The weird thing was that after I deleted the user but before I deleted the site, I performed a Wordfence scan and it said everything was fine.

Why would WOrdfence not find this issue? Clearly it is quite substantial and resulted in my website having to be deleted.

Any insight on this matter will be greatly appreciated.