Investigating a hacked WordPress site on Linode being used as a DDoS relay (opens in new tab)

I think after being compromised, safest course of action to get back to production would always be to rebuild everything, starting from installing a fresh OS. I think the article was a bit vague about this part.