Hack aftereffects and assistance please with what's next…

Our sites were hacked. Code injected, we’re pretty certain, through a comments form plugin.

We’ve now resorted to offering no mailserver contact via the server. We just put a GIF up with our email on it and people can reach us that way.

The code that was laid in ran a shell script to change permissions globally.

We’ve found and cleaned out the code, but we’re finding that 755 isn’t working on permissions anymore to allow WordPress to write into folders. So all of these errors trying to upload to the media folders keep flying.

Only 777 permissions setting will work, but that is notoriously not secure.

It’s as if WordPress has completely lost authority, and the servers considers WordPress as “World”. Ugh.

Does anyone have suggestions what are next step should be. This is maddening and so fu_king evil.

Thanks!