There's a portion of config-sample.php that is led'Authentication Unique Keys.' You will find. There is a hyperlink how to fix hacked wordpress inside that section of code.You change the keys you have with the pseudo-random keys given by the website, copy the contents that you return, and must enter that link into your browser. This makes it harder for attackers to quickly create a'logged-in' dessert for your site.
Is also important. You need to backup all the files click this link and database so in the event of a sudden attack, you can easily bring your own blog back like nothing.
Is to delete the default administrator account. This is critical because if you do not do it, a user name that they could try to crack is known by malicious user.
Note that this step for new installations should only try. You will also have to change of the table names within the database if you would like to get it done for installations.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. From being allowed after three unsuccessful login attempts from a specific IP address for an hour login requests will stop. You may still get into your panel while away from your office, and yet you still have good protection against hackers, if you do so.