It helped me although my first step isn't one you must take. I had a fantastic old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did what I should have done before I started my site. And here is where I want you to start. Learn hacked. The thing about how to fix hacked wordpress and why so many people recommend because it is really easy to learn, it is. That can also be a detriment to the health of our websites. We have to learn how to put in a security fence.
Well, we're actually talking about WordPress but what is the sense if your computer is in danger of hackers of performing updates and security checks. There are files which can encrypt key loggers on your computer. you can try here When this occurs, regardless of what you do, they can access everything that you type on your computer. You can find a lot of antivirus programs online. Search for a credible antivirus program or ask experts about this.
This is quite handy plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of failed attempts is reached.
Can you see that folder, Imagine if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can not see what plugins you have. Because even if your existing version of WordPress is up to date, if you are using an old plugin or a plugin with a security hole, then someone can use this to get access.
The plugin should be regularly updated to stay current with the latest WordPress release, play nice and have WordPress and restore capabilities. The ability to clone your site (in addition to regular backups) can be useful if you ever need to do an offline website redesign, among other things.