Site was hacked and sending out spam

Sucuri is well respected for such.

Should I hire someone to look into my site? If so, any recommendations on where to look for someone to hire?

Yes. If you are not sure about doing the complete cleanup, you can hire someone by posting here: https://jobs.wordpress.net

I have been doing some research on my hacked site and I believe it is a brute force attack. I had the limit login plug-in installed and I am receiving tons of emails notifying me that someone is attempting to login and fail repeatedly. It’s always from a different IP address.

I have found several articles on ways to increase the security of my website from these types of attacks and am working on this. My concern is that since I was already hacked adding these security measures is useless if they created a backdoor. I can’t find any articles as to what to do if your site is already hacked.

What should be my first step other than increasing the security? I erased the file that was originally sending out spam. But seeing that my site was hacked twice, I must be missing something.

I am sorry if this is so confusing, but I am at such a loss as to what to do.

Any help would be greatly appreciated.

These are the recommended resources for hacked sites:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

I erased the file that was originally sending out spam. But seeing that my site was hacked twice, I must be missing something.

Sure. The missing puzzle is that you only removed the files that contained the hacker’s codes or whatever indicating a hack (only the symptom). But hackers always leave a back door or an entry point through which they can easily gain entry (the root cause). You could not locate that or guess where they could be and hence did not remove those security holes. Hence, you need to go through all the steps as suggested by WPyogi. Read all the links/files carefully, make notes, remove suspicious looking codes and strings.

Sorry to say, this often requires a little bit of practical experience and knowledge of the software that you are working with. You can gain this expertise by reading and practicing, best done on your local WordPress installation (on your computer) or a test site. If you are not confident enough, you may need to hire a professional to do the job for you. It’s not such a big deal, but if you are serious about your site and its future, it’s worth it.

As regarding hiring, beware of job-seekers contacting you, probably through these forums. They may be just as good as you (or even bad). But of course, you can try posting on https://jobs.wordpress.net or make a Google search for professional sites or individuals of reputation who can do your job.

Good Luck!

I think I found a suspicious file called WP.modules.php. It was altered the day I started having issues. I am not a super expert in code, but it does refer to sending emails. It was located in my uploads folder. Is there a way I can confirm if this is suspicious are not?

PS thanks for all the help so far. It’s been very helpful!

It’s an implant by the hacker.

Should I delete it?

I am not sure if I was hacked, I recieved multiple emails while I was away from my desk about file changes. Then one saying over 1100 files deleted etc. SIte looks fine but what should I do.
https://www.stayingclosetohome.com

@close to home Blog: If you require assistance then, as per the Forum Welcome, please post your own topic.

This 9 month old topic references an old version of WordPress.