A hacker used the WordPress REST-API Exploit to modify content on two WordPress recipe articles.
Was an easy fix.
Since I’d not updated the content in years I used an old backup (pre WordPress 4.7.0) to restore the site.
Changed the password on the virtualserver, changed the WordPress password, updated WordPress (manually) to WordPress 4.8.0 and the site is now back to normal without the exploit or hacked content.
Moral of the story, make regular backups and make sure WordPress is kept up to date and don’t assume auto update is working, this is basic cyber security for WordPress users.