There's a part of config-sample.php that's headed'Authentication Unique Keys.' You will find four explanations that appear within the block. There is a hyperlink how to fix hacked wordpress site within that part of code.You have to enter that link into your browser, copy the contents that you return, and change the keys you have with the pseudo-random keys supplied by the website. That makes it harder for attackers to generate look at this web-site a'logged-in' dessert for your site.
A simple way to maintain WordPress safe is to use a few tools. First of all, don't allow people run a web host security scan, to list the files in your folders and automatically backup your whole web hosting account.
Exploit Scanner goes through the files on your website database, comment and place tables. It notifies you for plugin names. It does not remove anything, it simply warns you for possible threats.
Note that you should only try this step for new installations. If you would like to do it you'll also have to change all you can check here of the table names inside the database.
However, I recommend that you set up the Login LockDown plugin in place of any.htaccess controls. From being allowed after three failed login attempts from a certain IP address click to find out more for an hour, login requests will stop. You may still access your panel whilst and yet you have protection against hackers, if you do so.