Hi
Really hard to provide guidance without a little more info. The first question I have is, is this your site: https://turning-point-balletschool.be/home/kalendar/ ? It seems to be, odd that the attacker would deface you with a link to your own site. But if it’s not, here are a few things I’d recommend:
1 – Try looking at the root of your site and check your .htaccess and index.php files. See if there are any anomalies there.
2 – Try replace wp-admin and wp-includes – do fresh installs – meaning do it via FTP / SFTP. Don’t drag and drop over existing directories. Rename the old ones and push new ones. Don’t forget the root files from core as well, with exception to wp-config, you’ll need that.
3 – I noticed that your wp-admin is still working: https://turning-point-balletschool.be/home/wp-login.php?redirect_to=http%3A%2F%2Fturning-point-balletschool.be%2Fhome%2Fwp-admin%2F&reauth=1
Try logging in and disabling the plugins (all of them). Also see about replace your existing theme, even if only temporary.
If you can’t get in via wp-admin, then disable wp-content via FTP by renaming the directory. These are just some basic troubleshooting tips.
Here is a little TIps and Tricks guide that might help: https://blog.sucuri.net/2012/11/website-malware-removal-ftp-tips-tricks.html
4 – Look at the root and see if you see any .html files, they could be loading when WP loads causing this page to render.
If this doesn’t help then you might want to seek professional help.
Cheers
