Since scare tactics seem to be at the very least start considering the issue, or what drives some people to take how to fix hacked wordpress a bit more seriously, allow me to shoot a few scare tactics your way.
It will start with the fundamentals. Try using complex passwords. Use numbers, letters, special characters, and spaces and combine them to make a password that is unique. You could use.
For me it's a WordPress plugin. They are drop dead easy to set up, have all the features you need for a job like this, and are relatively cheap, especially when compared to having to hire someone to get this done for you.
Can you see that folder, Imagine if you visit find more information WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so people can not view what plugins you have. Because if your existing version of WordPress is up to date, if you're using a plugin or an old plugin using a security hole, someone can use this to get access.
Those are. Put a blank Index.html file in your folders, run your web host security scan and backup your whole account.