This hacker seems to target WordPress sites.
What steps can site owners take to protect their website from this hacker?
How easy is it to repair the site?
Does the hacker simple replace index.php, or does it destroy the database as well?
(It is not my own site that got hacked, but having seen it happen to someone else's site, I am wondering how to protect my own)