Hosting account hacked, site down… need help

Hi there. My site was hacked, and I didn’t realise because my autofill password on my google account was changed. Does this mean my google account was compromised?

I have an old backup on my localhost, and luckily have got that working. Thing is, my bitdefender constantly says ‘WEB THREAT BLOCKED: infected web resource ipecho.net/plain’.

Wordfence etc comes up clean. Thing is, there is a bunch of gibberish in the wf-config which makes me wonder if that is compromised, even though it is on my local host and I did a fresh install of wordfence? Also I have managed to import all my orders from my database, but it only shows them in dashboard and analytics, NOT the woocommerce order list, which is blank? If anyone could shed any light on that, that would be helpful.

I changed all my passwords and added 2fa to everything, but I feel my site may still be hacked and I am unsure how to proceed. Is it possible an old backup on my localhost could be compromised?