Fix vulnerability on ubuntu wordpress

Good afternoon!

There is a VPS on Ubuntu with a couple of almost identical wordpresses, quite recently installed.
At night, outgoing traffic on the VPS jumped to 1 gigabit / s and the hoster turned off the network.
That is, it looks like the server or wordpress has been hacked and spammed/shoved from it.

Required:
- identify the point of hacking and do a common basic security audit
- fix vulnerability
- make changes to prevent the problem from recurring