WordPress hack

Hi. I don’t know if you can help me out. I provide data to see if you can tell me where you think the security hole is, since the content itself can be recovered but I want to prevent it from happening again. It was a new website … it was less than a month old and therefore visits were nil. The software was logically updated.

THEME ACTIVATED: GENERATEPRESS. There were others installed but not active: those that are by default in WordPress.

ACTIVE PLUGINS: lightbox, classic editor, cookie bar, wp-useronline. Disabled are Askimet and file-manager-advanced (THIS LAST ONE HACKER HAS MADE IT!).

OTHER DATA:

– I cannot access my Admin user (password changed). I see in MySQL that the mail follows mine.
– New folders and files have been generated (a sitemap folder with URL pointing to my site but nonexistent type mydomain.com/spWKLxkkkwe SO thousands.
– A PHP file in the root called «n.php» that shows all the files that are uploaded and also allows uploading files to the site.
– In Google Search Console the hacker became the owner, since he was able to link my site with Google by entering an HTML code. I imagine it will be to see the statistics of the site? And I also write down the thousands of URLs of the sitemap.
– The attacker is: Fifhter Anas Shell – Royal Battler BD

Regards