Questions about an hacked site

Hello everyone !

Again, a question about a hacked website… My website http://gvme.ch has been hacked last week, and I could read many informations about what to do etc…

I will change all passwords FTP, MYSQL, CPANEL, WP-ADMIN and security keys, but first I want to ensure that I remove the hacked parts of the site.

My problem is that this site is online since this month, and the only backup I have contains an old version of database without pictures, posts and so on…

My first question is : is it possible that the hack corrupted or infected the Database as well or it could be only codes files ? If not possible, I could download the site, replace all files with a clean latest version of WP, plugins and themes, and that should do the job for the cleaning part ?

Then, second question : are all those security plugins useful if I stay updated with everything after changing all pwd to strong ones ? If useful, which one do you advise ? Wordfence seems a good one, but is it useful to use more than one plugin for security ? It’s a jungle…

Finally, to tell you the whole story, before the site was “visually” acked, my username was reverted back to admin… Strange, that might help you to tell me where the security breach come from ? I changed the username back in the database, but it was already too late…

Thank you guys very much for your help