If your website has been hacked, and if you can still access the backend, here are a few tips to get it back online.
Under updates, press the "Reinstall Now" button.
Alternatively, you can download WordPress, removing the wp-content folder from the download and uploading it via FTP.
Replacing the WordPress file structure will remove any malware in the basic file structure.
Remove Unused WordPress Themes
Remove any unused themes in your themes folder will quickly remove hidden malware files.
Replace, reinstall, or remove your plugins. If you have deactivated plugins, you can delete those. The biggest takeaway is to have a clean plugin folder.
Scrutinize your Media Folder
Go through your media folders looking for rouge PHP files; you should only find image files. If you find an index.php file, that should be there, but it should be empty.
Inspect your Wp-Config.php + Index.php files
If you see a lot of code injected into the top of wp-config & index.php files that make zero sense, it's most likely spam. If you aren't sure, ask an expert. Otherwise, delete the injected scripts (not the files itself).
Just poke around your files, looking for anything that looks suspicious. These are typically files that are unpronounceable.
Update your File + Folder Permissions
Last but most important, update your folder and file permissions. If you are on a shared host or not sure how to do this, ask your hosting provider to update these settings for you.
If you don't, it's like leaving the front door of your house after it's been robbed.
Still, stuck? Contact me for help.