I created a new account and did an install of a new WordPress website a couple months ago. I'm just using one of the built-in themes and haven't added any plugins. Other than that, it just has 5 email accounts. I really didn't think anyone would even know it was there since it was a new domain. After installing, I immediately did a full backup through CPanel (directory, SQL database and email forwarders) and the size of the backup was around 30MB. Well, after a month or so, I decided to back it up again and the size of the install had increased to 150MB. Though nothing appears different with the website at the moment, I am assuming something has been compromised. What would be the best route at this point? I would just like to recover the initial install backup. If I do a full recovery from those initial backups, won't it just overwrite the files that should be there, but leave any hacker/injected files as is? Should I delete everything in the account and then recover using the backup? If so, I am assuming this would best be done through a support ticket rather than Filezilla?