Malware cleanup advice

I’m in quite the pickle and am at a loss for any options I have. I desperately need some advice. Tbh I wana throw up..

I have 2 shared hosting contracts with a provider. I’ve got close to 60 sites between the 2. I got hit with the essential plugin for elementor exploit on a hand full of them and unfortunately it quickly spread to other sites as well (including non WordPress sites). It’s modified some core files.. and added a lot of random php files scattered allover and is inconsistent between sites.

I can’t seem to get ahead to clean them up before they get infected again (and I’m not 100% sure they are getting fully cleaned)

The hosting provider only has a few days of backups they claim, so it doesn’t help me.

I’m panicking and don’t have a plan on how or what to do other than bury my head in the sand.

I don’t have $ for any kind of professional service to try to clean this mess (and idk how they’d do it either)

Any advice on a plug-in that can do a clean but also possibly help limit / contain exposure? Before I shell out $ for a premium plugin.. I tried free versions of a few and it found some infected files but doesn’t seem to have found them all.

Anyone have any suggestions or advice on how I could possibly go about this? Other than rebuilding 60 websites in a new environment and transfer domains etc 😩


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer