First.. Do you have backups of the website data?
Post hack is tough. At this point trust NOTHING. Unless you do FIM (File integrity monitoring), there is no way to find out for sure what was changed. There could be a backdoor, rootkit, etc.
Was it a chrooted environment so the hacker couldn't effect the rest of the server space? If its a hosted site chances are you were.
It would be better for you to destroy the current website. Nuke the whole thing (webserver , framework, and data/content). Start from fresh, reinstall the secure or updated version of wordpress, re-upoad the content and start from there.
Find a free vuln scanner (if its your infrastucture) and scan the site on a regular basis and remediate the issues it finds. Waiting till hacked to find out you have a software vuln is brutal on recovery because you cant trust anything.
Facebook
Twitter