My WordPress site has been compromised and dozens of spam posts are now sitting in the blog feed. The comments section is untouched, so the intrusion seems focused only on creating new posts rather than hijacking existing ones or altering the theme. I already removed a few articles manually, but they keep coming back, which tells me there is still malicious code (or a rogue user) somewhere in the installation or database. I need the entire infection traced, cleaned, and the underlying vulnerability closed so fresh spam can’t be injected again. Key outcomes I expect: • A complete scan of core files, themes, plugins, and the database to identify every malicious script or backdoor. • Safe removal of all spam blog posts without affecting legitimate content. • Patching or hardening of the exploited vectors—whether that means updating WordPress, replacing compromised plugins, resetting file permissions, or tightening API keys. • A brief report outlining what was found, what was fixed, and recommended ongoing security practices. Feel free to use any proven security tools—Wordfence, Sucuri, WP-CLI, or your own automated scripts—as long as the site is fully operational and clean when you’re done. Access can be provided to both the WordPress dashboard and cPanel. Maximum budget: 30 USD