It helped me although my first step is not one you have to take. I had a good old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did what I should have done before I started my site. And here is where I would like you to start. Learn how to protect yourself until you get hacked. The attractive thing about fix hacked wordpress and why so many of us recommend because it is really easy to learn it is. That can be a detriment to the health of our websites. We have to learn how to add a safety fence.
Everything you have worked for will go with it, should the server of your site go down. You will make no sales, get signups or no traffic to your website, until you get the website back up 32, and in short, you are out of business.
Keep your WordPress Setup to date - One click reference of the easiest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress provides you a notice on your dashboard, so there is really no reason to not do this.
In addition to adding a secret key to your wp-config.php file, also think about altering your user password to something that's strong and unique. WordPress will let you know the strength of your password, but a good tip is to avoid phrases, use upper and lowercase letters, and include numbers. It's also a good idea to change your password frequently - say once.
Those are three very simple things you can do to keep WordPress safe without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.