My first step isn't one you must take but I was helped by it. I had a fantastic old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And I did what I should have done before I started my site. And here is where I would like you to start also. Learn how to protect yourself until you get hacked. The beautiful thing about fix wordpress malware plugin and why so many of us recommend because it is really easy to learn it is. That can be a detriment to the health of our sites. check these guys out We have to learn how to put in a safety fence around our website.
Everything you have worked for will proceed with this should your site's server go down. You'll make no more helpful hints sales, get signups or no visitors to your site, until you have the website back up 32, and in short, you are out of business.
Harness Scanner goes seeking anything suspicious through the files on your site comment database and place tables. It also notifies you for plugin names. It doesn't remove anything, it warns you.
Make a note of your new password for the next time you sign in! I recommend the paid or free version of the software that is secure *Roboform* to remember your passwords.
However, I recommend that you set up the Login LockDown plugin rather than any.htaccess controls. Login requests will be stopped by that from being permitted from a specific IP-ADDRESS for an hour or so after three unsuccessful login attempts. It is still possible to access your admin cell while and yet you still have protection against hackers, if you accomplish that.