My first step is but it helped me. I had a fantastic old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did what I should have done before I even started my website. And here is where I would like you to start. Learn how to protect yourself before you get hacked. The attractive thing about how to fix hacked wordpress site and why so many people recommend because it is so easy to learn, it is. Unfortunately, that can be a detriment to the health of our sites. We have to learn how to add a security fence around our site.
You can look. You can restore your website by means of your files and change everything that has to be changed, if hackers suddenly hack your website.
1 thing you can take is to delete the default administrator account. This is critical because if you do not do it, a user name that they could attempt to crack is known by malicious user.
Now we are getting into things. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You want to install the database details there.
There is another problem you have with WordPress. People know where they can login and they could just drop by with your login form and try outside a different combination of user accounts and passwords. So as to prevent this from happening you want to set up Login Lockdown. It is a plugin that lets users attempt to login with a wrong password three times. After that the IP address will be banned from the my blog server for a certain timeframe.