Fixing a hacked site has become easier with a tool we highly recommend every WordPress site should have called wordfence security. its free and can and should be installed via plugins in your WordPress dashboard.
Install it via plugins
then add the following code into a .htaccess file in your www or public_html folder:
# BEGIN litespeed noabort
<IfModule rewrite_module>
RewriteEngine On
RewriteRule .* – [E=noabort:1]
</IfModule>
# END litespeed noabort
Once done log back into your WordPress Dashboard and run a full wordfence scan. If it finds anything you can choose to restore the original which should resolve the issue.
Basically, select Select Bulk Repair files and Repair them.
For those that cannot be repaired check that the files are not critical ones and do a Bulk Delete if necessary.
Note: Always make a backup of your files before making changes. Recommended.
Lastly, open up PHPMyAdmin and check your wp_users table and check if there is any user called Service. Delete this user. At times some users are created as a backdoor for Hackers as well.
