how to fix hacked wordpress Watch out form submissions. You may usethe information to be processed by Regexp from forms. You can also define preloaded variables as type data in the kind of checkboxes, radiobuttons etc..
Use strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
Exploit Scanner additional hints goes seeking anything suspicious through the files on your site place, comment and database tables. You are also notified by it for plugin names that are odd. It does not remove anything, it warns you for threats.
Can you view that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can not see what plugins you might have. Because if your existing their website version of WordPress is current, if you're using an old plugin or a plugin with a security hole, then someone can use this to get access.
Don't use wp_ as a prefix for your own databases. That default is being eliminated by web hosting providers now but if yours does not, fix wp_ to anything but that.