Although hacked sites are not within scope here (and your question will be closed because of that policy), there are questions here about hacked sites that have answers that will be helpful (I’ve written a couple of them).
Cleanup is time-consuming, but possible. Generally –
- Change passwords on everything, including your admin-level user and hosting and FTP and databases.
- Manually reinstall WP Core, themes, and plugins. Delete any unused themes and plugins.
- Look at all files for added code (like in your htaccess file). Look for htaccess files in other folders.
- Look at contents of all ICO files (malware can be in a fake ICO file).
- Remove any improper admin-level accounts. Make a new admin-level account, login as that new account, and then remove the old admin account.
- Use strong passwords everywhere
- Repeat the above steps as needed to ensure there is no reinfection.
Watch your SEO. Resubmit your sitemap files to the search engines. It will take a while for search results to update.
I wrote about the above processes on my site (as well as in answers here) – see https://www.securitydawg.com/recovering-from-a-hacked-wordpress-site/ and other entries on the site.