My WooCommerce store is hammering the server with constant CPU usage (constant) and unusually high outbound traffic even when no one is on the site. The behaviour points to a compromise or hidden malware that slipped through at some point. I already installed several security plugins and an XML-RPC blocker, yet the symptoms never improved, so a deeper manual inspection is clearly required. A full-stack WordPress security sweep, malware removal, and performance tune-up is the goal. The site has a fresh backup from within the last month, so you can work confidently and roll back if needed. Core, theme, and plugin updates, database clean-up, hardening (firewall, file permissions, login protection), and any other best-practice steps you deem necessary should be carried out until the server load returns to normal and the storefront runs smoothly. Acceptance criteria: • All malicious code, files, or processes identified and removed • Idle CPU and network usage back to normal baseline • Latest stable versions of WordPress, WooCommerce, and plugins installed without breaking existing functionality • Clear post-cleanup report detailing what was found, what was fixed, and recommendations for ongoing security The site: - Platform Ubuntu 22.04 LTS - Web management on CyberPanel 2.4.4 - WordPress 6.8.3 - WooCommerce 10.3.4 - Blonwe Theme