- Backup your database
- Download a copy of your site, but keep it separate from your clean backups
- Delete all files from your hosting package
- Contact you hosting provider to confirm that all files have been removed so that they can re-enable the site for you
- Change any passwords relating to the site, including database, administration, FTP, and mailboxes
- Rebuild your site from the latest releases of your CMS, or upload a known clean backup and update all scripts, including any plugins and/or themes, to the latest releases. If your site is custom-built, you should review the HTTPlogs and vulnerable source to identify the issue, and resolve it
- Audit your site’s security. Have you removed any installation files, checked directory permissions, removed any un-needed modules?
- Contact your hosting provider to re-enable the site
