Let me shoot a few scare tactics your way since scare tactics appear to be what drives some people to take fix hacked wordpress site a bit more seriously, or at least start thinking about the issue.
I might find it a little harder to crack click this your password, if you're among the ones that are proactive. But if you're one of those ones, I might just get you.
For me it's a WordPress plugin. They are drop dead easy to install, have all the features you need for a task such as this, and are relatively inexpensive, especially when compared to having to employ official site someone to get this done for you.
Note that this step for new installations should try. You need to change all the table names within the database if you would like to do it for installations.
These are three very simple things you can do to maintain WordPress safe without plugins. Put a blank Index.html file my site in your folders, run your web host security scan and backup your entire account.