Be sure to download a copy of anything before you delete it to be 100% safe you don't lose something you need.
  1. Download a copy of your wp-content folder.
  2. Download a copy of your wp-config.php file.
  3. Download a copy of your gallery themes folder.
  4. Download a copy of your gallery config file gallery/include/config.inc.php
  5. Delete all gallery files except the "albums" folder.
  6. Delete all wordpress files/folders except the folder wp-content/uploads
  7. Delete any other files/folders not mentioned above. At this point you will only have the albums & uploads folder. Be sure to delete the cgi-bin & .well-known folders
  8. Request I scan your image folders for hidden backdoors (or visually inspect and remove ALL PHP files)
  9. Use PHPmyadmin in Cpanel to inspect wp_users table for unknown users, manually change passwords associated with all admin accounts.
  10. Upload fresh copies of wordpress & coppermine.
  11. Edit your config files, remove backdoor codes injected by the hacker. Use cpanel to create new database passwords. Insert new wordpress "salt".
  12. Upload fresh themes/plugins.

This guide does not cover forums, video archives, icons, affiliates, etc. But those files all can contain hidden backdoors also so be sure to clean your entire account.