Let me shoot a couple of scare tactics your way since scare tactics appear to be what compels some people to take how to fix hacked wordpress site a bit more seriously, or at least start considering the problem.
Safeguard your login credentials - Don't keep your login credentials where a hacker could locate them. Store them offsite, and even offline. Roboform is very good for protecting them. Food for thought!
For me it's a WordPress plugin. They're drop dead simple to set up, have all the features you need for a task such as this, and are relatively cheap, especially when compared to having to hire someone to get this done for find here you.
Whitelists phrases and black based on which field they look within, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
These are. Put a blank Index.html file in your folders, run your web host security scan and backup your whole account.