If you received an email about your website files being compromised, make sure it is legit by calling your web hosting company and forwarding the email to our support team.
Our next steps, as webmaster, is to reach out to your webhost about their protocol for a compromised website and a scan on their end to confirm where the compromised files are on the server. Under your website care we will restore a clean backup of WordPress, and then take note from the webhost about where the issue arose if outside of WordPress. This may mean the webhost recommending a third-party service to clean up the compromised files or additional security.
The best way to prevent a compromised website is to keep WordPress and plugins up-to-date, which we do for you monthly under website care, as well as keep daily backups to restore in the event of an issue. Unfortunately just updating won’t prevent a hack 100% which is why we help work with the web host and third parties to restore your website on the event of a hack and institute security measures to prevent most known methods by hackers.