glowfroghosting

Also, looks like you may need to try switching your PHP version.

What version of WordPress are you using?

Check the PHP version of your site by adding a phpinfo.php file in the document root then edit the file and enter the following text:

<? phpinfo(); ?>

Browse to the file to see what version of PHP your site is set to use. If your WordPress site, plugins and theme files are all up to date 7.1-7.2 is generally the best.

I see an error 500 page when browsing to your login URL.

Plugins that add to the .htaccess file can sometimes cause this.

Have you tried replacing the .htaccess file in thr document root for your domain to the default WordPress .htaccess?

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Security plugins are a MUST. If your core files have been compromised, running a core file replacement will replace your compromised files with a new clean version from WordPress. This can be done quickly via wpcli if you have shell access. I’d recommend making a backup before doing so.

This replaces just your core files, leaving everything else intact:
https://developer.www.ads-software.com/cli/commands/core/

Many of our clients use WP Cerber in place of WordFence and unlike most hosts, we do not actively recommend WordFence to our Customers: https://www.ads-software.com/plugins/wp-cerber/

Our Statistics show that our clients using WP Cerber generally request assistance less often for WordPress security related and resource issues than our Clients using WordFence Security – take that as you will.

Plugins like iThemes Security can easily find backdoors and then you can remove them manually.

Our customers also use Site Lock website security. We provide this free of charge to our hosting customers but you can ask your current WebHost if that’s an option for you. It helps to layer your security from the ground up.

Although we clean our customers websites for free, Sucuri has a really good guide on cleaning WordPress sites after a hack for those of you who have little support from your current Web Host: https://sucuri.net/guides/how-to-clean-hacked-wordpress

They also have a free online malware website scanner: https://sitecheck.sucuri.net/

After running a core file replacement, you will want to check your database to ensure there aren’t any suspicious entries. Most of the time they are quite obvious and you can manually remove them using PHPMyadmin. Aside from the obvious, look for common malicious PHP functions, such as eval, base64_decode, gzinflate, preg_replace, str_replace, etc.

The security layer model we recommend:

Site Level
– WordPress Backups
– WordPress Security Plugins
– .htaccess
– Hide Your WordPress Login Page or Password Protect the Page

Server/WebHost Level
-website backup
-database backup
-firewall
-mod security
-anti virus

Third Party
-website security integration (Site Lock, Sucuri etc.)
-Live Site Monitoring

Good luck. Hope this helps.