Let me shoot a scare tactics your way since scare tactics appear to be what drives some people to take how to fix hacked wordpress site a bit more seriously, or at the very least start considering the issue.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, that hides the files from public view.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are four definitions that appear within the block. A hyperlink is inside that part of code. You want to enter that link in your browser, copy the contents that you get back, and then replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Note that this step for setups should try. If you would like visite site to do it you have to change of the table names within the database.
Change admin username and your WordPress password, or at least your password, often and collect and utilize other fantastic WordPress safety tips to keep hackers out!