Hi there,
sounds like your site has been hacked – apart from gaining admin access they may have added some malicious code to your site.
This guide covers the core basics of securing your site:
https://www.wpbeginner.com/wordpress-security/
They recommend Sucuri – which is a pretty good plugin who also provides this for cleaning a hacked site:
https://sucuri.net/guides/how-to-clean-hacked-wordpress/
I generally use Wordfence for my protection ( iThemes security is also good ). Wordfence provide a cleaning service which includes a years premium subscription so pretty good value:
https://www.wordfence.com/wordfence-site-cleanings/
I would begin with reviewing the first article to improve your security.