I presume there is some plugin or other installation I can use to restrict this happening again?
Sort of. Ish. Kinda.
I know, that's not a straight answer. ;)
*Jan pulls out soapbox and climbs on top.*
My personal opinion is that plugins like that can provide a false sense of security and safety if you do not read the instructions carefully and fully understand what the plugin is doing.
That is not to say they do not work, just be careful if you use and rely on one of them. ;)
Security and keeping your site hack free is a process of maintaining your themes, plugins, WordPress version, and making sure your server software is limited and up to date.
That last part of keeping the server up to date is often outside of your control especially if you use a shared hosting plan. In that situation you can help yourself by keeping your own backups off server on a regular basis.
If you keep an eye on the whole works from time to time and follow the advice from this link then generally speaking you will be fine.
And if something goes wrong you can use your backups as a safety net
*Jan now steps off of the soapbox*
After you delouse and harden your installation and you've got your versions up to date on your server as well as your WordPress software then you may want to look at some of the security plugins in the repo here.
But that's for after you are confirmed to be cleaned out. Don't try to install any new plugins until you are confirmed to be hack free.