Please make sure that you are doing the following steps periodically.
1. Change all account related password to strongest one. The site password was easy to crack so keep the password that is not easy to guess.
2. Do note store passwords on browser.
3. Scan your PC for malicious scripts using antivirus program.
4. Optimize website code/database queries.
5. Make sure that you are always installing applications/themes/plugins etc from authorized resources.
6. Update any application installed to the latest stable version. Upgrade scripts/plugins/addon installed to the latest stable version.
7. Remove unwanted scripts/plugins/addon installed.
8. Sometimes, contact form installed lacks the basic security setting like captcha/re-captcha. For 'open' contact form, bots easily can spam contact form.
9. Optimize your MySQL databases.
10. Check access logs and block the suspicious IP if any
