My small WordPress site was compromised and spam content was injected. I need a complete and professional malware cleanup, including the removal of all backdoors and hidden injections, followed by proper security hardening to prevent reinfection. I am not looking for a superficial “plugin-only” fix — I want a clean site, a clean core, and a clean filesystem. Scope of Work (minimum requirements): Full malware removal (core, themes, child theme, plugins, uploads, mu-plugins, and database if needed) Removal of all backdoors and hidden malicious PHP/JS files Reinstall WordPress core, theme, and plugins from official repositories Clean and verify .htaccess and wp-config.php Remove unauthorized users, spam posts, and malicious cron jobs Security hardening: firewall, brute-force protection, correct permissions, disable file editor, recommend best practices Clear caches and confirm the site works properly on both desktop and mobile Final report with a list of removed/modified files and the security measures applied 7–14 day reinfection guarantee (if the same malware returns, you fix it without extra cost)