Let me shoot a couple of scare tactics your way since scare tactics seem to be what compels some people to take how to fix hacked wordpress site a little more seriously, or at the very least start considering the problem.
The approach, and the one I recommend, is to use one of the creation and storage plugins available for your browser. Many people like RoboForm, but I believe after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Recently, an unknown hacker hacked the blog of Reuters and published a fake news article. Their reputation is ruined due to what the hacker did since Reuters is explanation a news site. In the event you don't pay attention on the security of your WordPress 20, the same thing may happen to you.
Upgrade now if you aren't currently running the latest version of WordPress. Leaving your site is like keeping your door unlocked when you leave for vacation.
Change admin username and your WordPress password, or your password and collect and use special info good WordPress security tips to keep hackers out!