My WordPress dashboard has been hijacked. Every attempt to reach wp-admin returns the “Invalid username or password” message, even though the credentials are correct. A quick malware scan confirms malicious code somewhere in the install, but I have not gone further than that. Here’s exactly what I need: • Full removal of any malware or injected code in core files, themes, or plugins • Restoration of normal wp-admin access so I can log in without error • A brief report of what was found, what you removed, and how to avoid a repeat breach (security hardening steps or plugin recommendations are welcome) You’ll have cPanel/FTP access the moment we start, and I’m happy to provide additional information if you need server logs or database credentials. The job is complete when I can log in normally, the site loads cleanly, and no malicious remnants are detected by an external scanner.