As it usually happens with Web Developers in the beginning, they have big problems with hacked sites.
This is primarily because they use outdated themes that have been hacked or downloaded for free (nulled themes or plugins) and are not regularly paid for, and they already have some malicious code in them or are outdated, i.e. not upgraded to the latest versions.
A quick read of the account is to restore the backup. Restore account.
In that case, after restoring after completion, please contact the support to scan your account again and check if there is still a virus or not. If there is, then you restore the oldest existing backup.
This will solve the virus problem, but it will not solve the problem permanently.
The next step is to update all plugins and themes if possible.
Look at which plugins you use and look at the time when that plugin was last updated, if it was last updated 3 months ago or more, it means that the author has given up on that plugin and will no longer deal with it, and that means that that plugin is a big security risk for your site.
If you use a theme, check for the latest version as well as for the plugin, if you don't need to change the theme if you don't want your site to be hacked again.
There are various plugins that seem to give the feeling that your site is protected, but installing additional plugins opens up new opportunities for the site to be hacked, so keep plugins to a minimum.
The best protection for the site is a regular update of plugins and themes. Deleting inactive and unnecessary plugins and themes.
On our hosting, we use premium software for protection so that you are completely safe from this side, but the last line of defense is your site and your activity and update.
