So, about a week or so ago, my hosting provider started emailing me that something looked suspicious on my site, and indeed something was SO bad, that I had the white screen of death. I removed all plugins, copied a new version of WordPress in, changed my hosting and mysql passwords, and installed Defender.
Last night's scans showed more files altered – I'm attaching a screenshot of what Defender says. I honestly haven't even reenabled most of my plugins, so many things on my site are actually "broken" right now (shortcodes that have no definitions) while I try to figure out what's up.
Is "guest" really doing something here, or is it that I already have compromised files that are replicating nefarious stuff?