Now that we have removed all plugins and themes, we are left with the core. Now we are going to reinstall the WordPress environment via WordPress itself.
You can find the re-install Now page here: www.[yourwebsite].com/wp-admin/update-core.php
Change your passwords
As mentioned in the official WordPress FAQ, it is important that you change your passwords, you will have to do this for your own accounts, user accounts, and local accounts, lets say, your MySQL database password.
Wordpress stores a password in wp-config.php, you should expect that the attacker also gained access to that. Change it.
Reinstall your plugins step by step
You can start reinstalling the plugins, step by step, make sure that they are updated and patched. Once you have installed everything, perform an vulnerability audit on your website. Use the report, to verify if all the low-hanging-fruit vulnerabilities have been fixed.
Get all the logs that you can find, and start digging into them. Try to find information that you can use.
Check for newly created files on your WordPress site and hosting environment.
You can also tunnel your traffic via cloudflare. This service can mitigate most of the attacks that target your WordPress website.