Recovery the Wordpress website in Linode server.

My site just got an attacked. The Linode temporarily disrupt service and send the letter to me. The letter as following: We have received a report of malicious activity originating from your Linode. We ask that you investigate this matter as soon as you are able. Once you have completed your investigation, kindly reply to this ticket with the answers to the following questions: 1) What was the source of the issue? 2) What steps did you take to resolve this issue? 3) What steps did you take to prevent this from occurring again? Being as this activity is in violation of our Terms of Service, we ask that you reply within the next 24 hours. If we do not receive a reply within that time, we may temporarily disrupt service to your Linode in order to prevent further malicious activity. ------------------------------------------------------------------- I think my Linode is compromised. How can I tell? ------------------------------------------------------------------- If you believe that your Linode has been compromised, you can start troubleshooting by auditing the following log files and writable directories: - /var/log/[login to view URL] : Check this log file for signs of unauthorized access and brute-force attempts. Use the ‘last’ command to cross reference recent account logins with this file. - /tmp : This directory is often used by malicious parties to store files - Web server logs: There may be a vulnerable script or web application. The location of these log files depends on your web server (apache, nginx, etc.) configuration. - ps aux : Use this command to audit running processes for foreign processes .... I want someone can help me to recovery the whole website.