One of the downsides to developing with WordPress is that it is subject to the brunt of an army of hack attempts. This is mainly due to it being the world’s most popular CMS and therefore the biggest target.
I always install security plugins as a matter of course on any website that I develop, it doesn’t take long to do and will harden the site against many types of attacks and so it well worth doing. My plugins of choice are iThemes Security and Wordfence, both are very good and updated regularly to keep up with the bad guys.
If your site has been hacked and you want someone to clean it up and protect it from any future attacks, or if you want to harden up your website before it gets targeted, then just drop me an email at firstname.lastname@example.org.