Recently a number of my WordPress based sites suffered an attack. Although I spent quite a bit of time attempting to clean the sites, I ended up deleting and rebuilding them (thank goodness for data-only backups!).
As a result, I also explored ways to prevent this from happening again. There are MANY MANY steps to take. Prior to the attack, I had implemented some (but not all) of these. I found the following articles to be helpful.