My first step is but it helped me. I had a fantastic old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I started my site, what I should have done. And here is where I want you to start. Learn how to protect yourself until you get hacked. The thing about how to fix hacked wordpress site and why so many people recommend it is because it is easy to learn. That can be a detriment to the health of our sites. We need to learn how to add a security fence around our site.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them offsite, and even offline. Roboform is very good for protecting them. Food for thought!
1 step you can take is to delete the default administrator additional reading account. This is important because if you don't do it, malicious user already know a user name which they could attempt to crack.
Note that this step for setups should only try. You will also have to change all of visit their website the table names within the database Source if you would like to get it done for installations.
The plugin should be updated to remain current with the latest WordPress release, play nice and have WordPress and restore capabilities. The ability to clone your website (along with regular copies ) can be useful if you ever want to do an offline website redesign, among other things.