What to do when your WordPress site looks compromised.

First, write down what you see: strange redirects, unknown users, spam pages, warnings from browsers, blocked login, or unexpected changes. Screenshots help.

Second, preserve evidence and backups before deleting things. A messy backup is still better than no backup when a recovery goes sideways.

Third, check users, plugins, themes, server files, database entries, redirects, and scheduled tasks. Update only when you understand the risk. Some hacked sites break during updates because the attacker changed core files or plugins.

Finally, close the hole, clean the site, rotate passwords, review hosting access, and submit rechecks where needed. Then maintain the site so the same mess does not return next month.