I had made a test site, without security plugin (Wordfence)
The site was hacked.
I noticed that in Linux WEb hosting dir there were a few .<something> dirs, hiddend dirs, so
- I deleted all hidden dirs & possible files
- I changed the tables name from wp_<table> to wp_<something>_<table>
- I changed with a plugin admin user name and set a new password.
- I run checks of security, using plugins (compare with original installation, find problems e.t.c.)
- I installed the security plugin WordFence
The site was ok after all these
Another solution RESTORE A FRESH GOOD BACKUP & CHANGE PASSWORDS & WORDFENCE