Let me shoot a scare tactics your way since scare tactics appear to be what drives some people to take fix hacked wordpress a bit more seriously, or at the very least start thinking about the problem.
The stronger approach, and the one I recommend, is to use one of the creation and storage plugins available for your browser. I believe after a free trial period, you have to pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer continue reading this or Firefox. That will generate secure passwords for you.
You should also place the"Anyone Can Register" in Settings/General to off, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, but there are many of them these days.
You can right here make a firewall that blocks hackers from infiltrating your own blogs. From coming into your files, the hacker is prevented by the firewall. You also have to have version of Apache. Upgrade your PHP. It's essential that your system is always full of upgrades.
Just make sure you choose a plugin that's up to date with release and the version of WordPress, and which you can schedule, restore and replicate.