Received message from GoDaddy: Your site has been flagged for malware.




I have received an e-mail from GoDaddy saying my hosting account (WordPress site) has been flagged for malware. It then lists some files, such as: php.backdoor.file_get_contents.005 - html/blog/hnwuc.php


I also have a security issues warning in Google's Search Console, which says my site is hacked with URL injection, and displays some URLs.


GoDaddy called me a while back, basically warning me that unless I add a security option this kind of thing could happen.


I do not wish to purchase GoDaddy's security at the moment, and my question to GoDaddy is, can I manually remove these malware files (or any other spam) from my site? If I can't do it through GoDaddy, then can I clean my site using Google or WordPress on my own?