It’s a waste of time to be working on a WordPress site or any web files that have been compromised.
The proper way to handle a WordPress website is to always make a backup of the database, setup a new install of WP on a fresh new server, migrate the database over and start over.
Professionals like myself don’t even bother with trying to clean up a compromised site, why would you?
Also, if you are using a VPS, which you should be unless you are using AWS, you need to hire someone to either do what I am about to share or teach you to do what I am about to share.
You need to learn proper file permissions on a Linux VPS going forward. If you are working in the world of WordPress site development, you should have this by your side: https://wordpress.org/support/article/hardening-wordpress/
- You need to secure SSH using SSH Key Authentication
- Setup and configure the server firewall
- Harden and Optimize Apache web server
- Optimize MySQL
- Optimize and Harden PHP
- Conduct or hire someone for basic server administration
- Have that person you hired teach you basic WordPress security checklist