It helped me although my first step is not one you must take. I had a good old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did before I started my site, what I should have done. And here is where I want you to start. Learn hacked. The thing about rename your login url to secure your wordpress website and why so many of us recommend it is because it is easy to learn. That is also a detriment more info here to the health of our sites. We need to learn how to put in a safety fence around our website.
Well, we are talking about WordPress but what's the sense if your computer is in danger of hackers of performing security checks and updates. There are files which can encrypt key loggers. When this happens, regardless of what you do, they can access everything that you type on your keyboard. You can find a lot of antivirus programs that are good . Look for a credible antivirus program or ask experts.
One thing you can take is to delete the default administrator account. This is critical because try this site if you don't do it, a user name that they could attempt to crack is known by malicious user.
Now we are getting into things. You have to rename it to config.php and modify the document config-sample.php, when you install WordPress. You will need to set up the database facts there.
Do not use wp_ as a prefix for your own databases. Most web hosting providers are currently eliminating that default but if yours doesn't, adjust wp_ to anything but that.