If you suspect that your site is compromised, follow this action plan without delay.
Run a scan to establish the security status of your Magento store. Magento Security Scan is a free service offered by Adobe that allows you to monitor your Magento sites for known security risks and malware, and to receive security notifications.
Hire a qualified consultant or online service to clean your site of all malicious code. Some Magento community members recommend Sucuri Website Malware Removal. Check the
/mediafolder for leftover executable code. Remove all unknown Admin users and reset all Admin passwords.
Keep your Magento installation up to date with the most current release. If you are using an older version, apply all security patches as they become available. Review and follow Magento Security Best Practices. Subscribe to Magento Security Alerts.
If you think that you have found a specific vulnerability in Magento, send a description of the problem with technical details to email@example.com.
For the additional peace of mind that comes from 24/7 support, plan your upgrade to Magento Commerce Cloud now.