It’s good that you’ve regained access to your website, but without any further action, you’ll get hacked again. These are steps to take, in order to clean, and secure your site:
-
do not panic ( very important )
-
do not remove anything yourself
-
install and activate WordFence Security plugin
-
in Wordfence -> Options, select everything to scan
-
run Wordfence -> Scan, and follow instructions provided
-
repeat step 5, until the scan shows no problems
-
setup firewall in Wordfence
-
make a full backup of your site, and remember to do it frequently
If the above procedure does not work at any stage, hire a professional!
Note: it is possible, that the plugin, you’ve attempted to install, caused this infection. Be very careful installing plugins from unknown sources. Try first, to search for plugins, in the official WordPress repository.