My first step is not one you have to take but it helped me. I had a good old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And I did before I started my site, what I should have done. And here is where I would like you to start. Learn how to protect yourself before you get hacked. The beautiful thing about fix wordpress malware attack and why so many of us recommend because it is easy to learn, it is. That can also be a detriment to the health of our sites. We have to learn how to put in a safety fence around our website.
Use strong passwords - Do your best to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are also easy to guess!
It's a WordPress plugin. They're drop dead simple to install, have all the functions you need for a task like this, and are relatively inexpensive, especially when compared to having to hire someone to have this done for you.
Note that you should only try this last step for setups. You need to change the table names within the database, if you might like to get it done for existing installations.
Oh . And by the way, I was more information talking about plugins. Make sure it's original site a secure one when you get a new plugin. Do not install any plugin because the owner is saying on his site that plugin can allow you to do this or that. Maybe use get a software engineer to examine it carefully, or perhaps a test blog to look at the plugin. This way is not a threat for you or your organization.