Site malfunctioning after deleting malicious codes and PHP files

I have recently given the SFTP login details to one of the plugin author. But I have found today that my website is hacked and unknown codes, PHP files like wp-tmp.php and advertisements are showing. Also a long malicious code found in themes function.php. I have deleted all these files, codes and installed Wordfence Security plugin.

After Wordfence scan a file named wp-content/plugins/monit.php is showing malicious. As Wordfence suggested I deleted that file and just after that my site started malfunctioning.
1. Admin panel started showing cached pages on first click.
2. After posting 2nd post the 1st post url automatically redirected to the 2nd post
through Rank Math SEO.
3. Showing “This link has been expired” while updating or posting.

I have checked all the possible solution for that but failed to resolve. I don’t know how my website is hacked and those malicious files and codes were injected on the server.

I am using Lightspeed Cache plugin for Page optimization ( Cache Function Disabled) and Wp-Optimize plugin for cache.

I do not use NULLED plugins or themes.

Please help.

The page I need help with: [log in to see the link]