Regain Access or Control of your Site: Change your Webmail, cPanel, FTP, MySQL Passwords.
Alert your web host about the situation, so that they maybe able to identify the cause and mitigate the problem. Give them a secondary email address that is not at your website so your host can still contact you if your site goes down or if the hacker is reading or deleting your website email. In case of HostingXtreme, the fastest way to get in touch with us is to mail us at [email protected]
Find out the Vulnerability: Take note of which version of software and plugins you’re using and look at the vendor’s website to see if there were any open vulnerabilities. Take a look at your access logs to see if there has been any suspicious activity. Detailed access logs may only be available through your web host so ask them for help. Check for files with recently modified dates, suspicious names or files in suspicious locations.
Restore your Files and Database from a Backup, if you don’t have a backup, check with your web host. Files that were not in your backup need to be restored manually either by creating the file again or in the case of a blog, you can find your article archived somewhere (i.e. archive.org, Google cache, RSS Reader history). Don’t forget to change your MySQL passwords in your configure.php files
Eliminate the Vulnerability: Depending on what your vulnerability it is, get rid of it. To be on the safe side, upgrade everything to the latest version.
Monitor your Site Activity for the next couple of weeks.
Now start keeping regular backups of your database and files.