So my site was hacked with spam at some point in the last week or so (not even sure) I'm guessing. Basically the hackers just created a bunch of spammy pages with links, etc
I went into google webmaster tools and did a fetch as google, I guess this re-directs all the spammy links to my homepage? Then I installed wordfence and did a scan and cleaned everything out, updated all my plugins, changed cpanel and wp admin passwords.
Everything appeared good for a few days but then this morning worfence scan found that index.php had been modified and a bunch of new spammy pages had been created. I restored the file to original and that seemed to fix it but since it happened again, I know I'm still vulnerable.
I don't know when I got this virus and I feel like it would be a huge hassle to restore from a back-up so what's my best option?