Year and a half educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
Documents can easily get lost if you don't have good protection on your website. Some of those files might be saved on your computer and easily replaceable, but what about the rest of them? If you lose the first time to them where are you going to get them from again? Especially how to fix hacked wordpress is very important. Long-term sites have a lot of data and have created a number of files. Recreating that all would be a nightmare, and not over here something any business owner would like to do.
Is also significant. You need to backup database and all the files you pop over to these guys can bring your blog back like nothing happened.
1 step you can take is to delete the default administrator account. This is important because if you do not do it, a user name which they could try to crack is known by malicious user.
What if you visit WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file into that folder as well so people can't see what plugins you have. Because even if your version of WordPress is current, if you are using a plugin or an old plugin using a security hole, then someone can use that to get access.
Change admin username and your WordPress password, or visit here at least your password and collect and use other WordPress safety tips to keep hackers out!