Going forward please make sure that all customer and internal Wordpress sites are secured by using the following steps.
REMOVE all unused plugins and themes
UPDATE all plugins and themes
REMOVE the user "admin" and set up "hamish" for the admin function with a complex password (no more Required12 etc)- Login as "admin"
- Create "hamish" with email address of hamish@mywebcare.co.uk
- SAVE PASSWORD AND SHARE THROUGH LASTPASS
- Log out "admin"
- Login as "hamish"
- Delete user "admin" and assign all content to "hamish" when asked
INSTALL and ACTIVATE “wordfence” plugin to help secure the site properly.- https://www.wordfence.com
- Import the wordfence configuration using the token (copy & paste): 253598dbd43b29215236d8e278e326e4cea0815c7f414f99885e3fb5cbfb99743408895cf7b4827635b6db7f16f87e262c14c79bc7d29bd18b77262a8902c90b