What to do if WordPress website is hacked or infected?
- Contact information security experts in order to identify the source of the attack, confirm that it is a not false positive detection and clean up infected files.
- Reset all system users passwords (FTP users), Plesk users passwords, WordPress users passwords
- Update web applications like WordPress, Joomla, etc up to date and their plugins.
- Follow Plesk security best practices
- Protect WordPress installation: How to secure WordPress in Plesk?