I suppose if you wanted a ‘nuke-from-orbit’ type of fix, you could create a brand new WP instance in a subfolder of your hosting root. Then install your theme and active plugins. You could use a theme export/import plugin to get your theme settings, but you would have to re-do all your plugin options.
Then use the export/import to move your content. Be aware that if you have a large site, or one with lots of media, that you will have to do the import process several times until it it done.
If you want to clean up the site (it can be done; I’ve done it), then you need to
-
change credentials on everything: WP admins, hosting, FTP. Look for accounts that aren’t supposed to be there. You might even create a new admin user, log in as that user, then delete/demote the old admin user. Strong passwords everywhere.
-
reinstall WP via the Update screen
-
reinstall themes from known source (download to local, upload)
-
do the same for plugin files
-
remove any unused plugins/themes
-
look at every folder on your site for files that aren’t supposed to be there
-
check your htaccess files for bad commands
-
look inside wp config files for badcommands; do the same with all
index.php files
My process is here: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/ . Either way, it’s a bit of work. But can be done.