Recently been hacked and need secure wordpress how?

Cheers buddy, that will come in handy! but i don't think they came in through my login, due to all my passwords for my sites are all between 10-20 number and letters, and my virus and firewalls are running fine.

Could it be through one of the plugins that was installed?

Ahhh right, looks like i could be in for a long night reading up on how to secure wordpress further.

Take a hard look at everything you have installed - it may be WP, it may not be. Do you ahve form processing? And plugins that have SQL.
PHP and WP are a bit of wildwest. Just about anybody can code things and release them - it doesn't mean they are safe.

It is very easy to think about all the places you have passwords and completely miss the insecurity. Hackers do not need your password to hack your site.

1) where did you get your WP template. A lot of free template sites offer templates that are already compromised. Hackers release them and look for the signature in search engines.

2) many scripts and plugins are vulnerable to special query strings that offer up access or accept commands .

3) apache is vulnerable to attacks that essentially tell it to give up the access with queries that allow commands to get through.

It could very easily be a PW attack or Not. Does your site have weak pws for access to ftp, ssh. If you don't have security on your server, and you arent' checking the logs, you are probably missing how many people are scanning your box. I get emails every day for each scan of my server.
They are all blocked. But before I did that, I would see logs of people trying various login attemps 100s-1000s of times a day through FTP, mail and ssh.

Did you check your server logs to see what you might find?

Hope you figure it all out.