In my opinion, the best way to ensure your fix hacked wordpress that is is through using a WordPress backup plugin. This is a fairly inexpensive, elegant and easy to use way to make sure that your site is accessible to you.
Safeguard your login credentials - Do not keep your login credentials where a hacker might find them. Store them off, as well as offline. Roboform is very good for protecting them, too. Food for thought!
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it can't be found in the root directory. Also, nobody will have the ability to read the file unless they have FTP or SSH access.
BACK UP your website and keep a copy on your own computer and storage. Back, if you have a very active site. You spend a whole lot of time and money on click to read more your site, don't skip this! The one complete solution that does it all is BackupBuddy, no back up database, widgets, plugins and your like this files. Need to move your website this will do it in under a couple of minutes!
Using a plugin for WordPress security makes great sense. Backups need to be carried out on a regular basis. Don't become a victim of not being proactive about your site because!