Thank you, Peter.
I see now that I overlooked the option to set things up manually. My site doesn’t have a user.ini, but I found my way via php.ini.
Wordfence is already reporting many errors and possibly infected files though, and it even look like changes to .htaccess are being reverted. I’m afraid to simply delete the infected files – what would be my next line of action?
