domain site hacked 1&1 gave information. don't know how to fix

This is what they said. Any suggestions on what to do? I am not computer literate to this level. How do I fix it?

2. Consequences of the attack

2.1 The code which was inserted into your files aims to sent Spam, to spread a
virus or create malicious search results.

2.2 This is the reason why a Google search for your domain may show the alert:
“This site may harm your computer.”

2.3 We have disabled the infected files by setting their file permissions to
‘200’. Please note that parts of your sites are no longer accessible on the
Internet.

2.4 In order to prevent further malicious intrusion to your webspace, we have
also disabled the file containing the security leak.

3. How to reestablish the presence and security of your websites

3.1 Upload a more secure version of the following modules of your software:

– WordPress

You will further information on

Home

3.1 Secure all security leaks in your scripts. We found possibly successful
exploits through at least the following scripts:

./truthandcommonsense/wp-content/themes/what-so-proudly-we-hail/header.php

Note: In order to preserve the formatting of this file and make it easier to
read, please open the files with MS WordPad.

3.2 Replace the infected files necessary for your websites. If you
have a backup, please scan it for malicious code before you upload it. In case
you should not have a backup, we recommend to fully rebuild your websites with
an updated software.

3.3 Finally, make sure that the permissions of your files are correctly set to
‘644’.