This is the second time, my site was hacked. The first time I had my permissions set incorrectly and I fixed that. Now it is happening again. I've changed my security keys, username and password. I was able to find the code that was installed and erase it.
After I was hacked the first time I installed the limit login access plug-in. Someone is definitely continuing to attempt to get in because I can see it in the plug-in. I've had 414 failed to login attempts and lockouts in two weeks.
I am working my way through the WordPress My Site Was Hacked document, but does anyone else have any other suggestions? Should I hire someone to look into my site? If so, any recommendations on where to look for someone to hire?