Allow me to shoot a scare tactics your way since scare tactics seem to be what drives some people to take how to fix hacked wordpress site a bit more seriously, or at least start considering the issue.
A simple way would be to use a few built-in tools. To begin with, do not allow people run a web host security scan, to list the documents in your folders and automatically backup your web hosting account.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely if you make changes and additions to your website. If you make changes multiple times a day, or have a community of people which are in there all the time, a backup should be a minimum.
Along with adding a secret key to your wp-config.php file, also consider changing your user password into something that is strong and unique. A great idea is to avoid phrases, use letters, you could try these out and include numbers, although wordPress will tell you the strength of your password. It's also a good idea to change your password helpful resources regularly - say once.
Do your homework and some searching, but if you're pressed for time and need to get this done once and for all, try out the WordPress safety plugin that I use. It's a relief to know that my site (and company!) are secure.