It helped me although my first step is not one you must take. I had a good old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And I did what I should have done before I started my site. And here is where I would like you to start also. Learn hacked. The beautiful thing about fix malware problem and why so many people recommend because it is really easy to learn it is. That can also be a detriment to the health of our sites. We need to learn how to add a security fence.
Safeguard your login credentials - Do not keep your login credentials where a hacker might find them. Store them offsite, as well as offline. Roboform is very good for protecting them, too. Food for thought!
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it cannot be found in the main directory. Additionally, nobody else will be able to read the file unless they've FTP or SSH access to your server.
BACK UP your website and keep a copy on your computer and off-site storage. Back, For those who have a website. You spend a whole lot of time and money on your site, don't skip this! The one solution that does it all is BackupBuddy, no back up your files, widgets, database and plugins. Need to move your website this will do it!
But realize that online security is. Don't only be the reactive type, click this consider steps to begin today, protecting yourself. Don't let Joe the Hacker make your life miserable and turn everything that you've worked hard.