Let me shoot a scare tactics your way since scare tactics appear to be what compels some people to take how to fix hacked wordpress a bit more seriously, or at least start considering the issue.
Do not depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they don't! Far better to have the responsibility lie instead of out.
This is very useful plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses Home Page when a certain number of attempts is reached.
Phrases that were whitelists and black based on which field they appear inside. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
These are only a few. Fantastic thing is they don't require much time to do. These are simple options, which can be carried out easily.