Urgent WordPress Malware Cleanup, Site Restoration & Security Hardening

We need an experienced WordPress security specialist to investigate and fix a recently hacked WordPress website: brightonmusictherapy.co.uk The website appears to have been compromised within the last couple of weeks. The website content has been changed and appears to include unrelated spam or suspicious content. We need someone who can properly clean the site, restore it to the correct state, and improve security to reduce the risk of future attacks. Scope of work: 1. Investigate the WordPress website and identify the extent of the hack. 2. Remove malware, spam content, suspicious links, injected scripts, redirects, fake pages/posts, and any unwanted content. 3. Scan and clean WordPress core files, theme files, plugin files, uploads folder, database, .htaccess, wp-config.php, and other common infection areas. 4. Check for hidden backdoors, fake admin users, suspicious user accounts, and unauthorized file changes. 5. Restore the website to its previous clean state using a backup if one is available. 6. If no clean backup is available, manually clean the current website and recover the correct content where possible. 7. Update WordPress core, plugins, and themes after cleanup. 8. Remove unused, outdated, abandoned, or vulnerable plugins/themes. 9. Review and improve WordPress security settings. 10. Set correct file permissions and disable risky WordPress settings where appropriate. 11. Add or configure a reliable WordPress security/firewall plugin. 12. Set up or recommend reliable backups and monitoring. 13. Provide a short final report explaining what was found, what was fixed, and what security improvements were made. Important requirements: * Proven experience fixing hacked WordPress websites. * Strong experience with WordPress malware cleanup, spam/content injection, database cleanup, and security hardening. * Ability to clean both WordPress files and the database. * Experience working with hosting/cPanel/FTP/SFTP/database access. * Careful approach to avoid damaging the site. * Clear communication and ability to provide a final written report. * Available to start quickly. * Fixed-price quote preferred. Please include in your proposal: 1. Your experience fixing hacked WordPress websites. 2. Examples of similar WordPress malware/security cleanup work you have completed. 3. Your process for cleaning malware, spam injection, and hidden backdoors. 4. What access you would need to complete the work. 5. Your fixed price for the full cleanup and security hardening. 6. Your estimated timeline. 7. Whether you will provide a final cleanup/security report. Please do not apply if your only solution is to install a security plugin. We need proper investigation, malware cleanup, database/file review, restoration, and security hardening.