As others have stated, always keep your WordPress core script up to date. WordPress makes this very easy to do. You just have to log into the admin panel and update. But you need to subscribe to their mailing list or RSS feed so you can be notified as soon as a new version is released. The sooner you can update your script, the better off you are.
One way to look at updates: if WordPress is releasing a new version, it is likely fixing a security hole, and an exploit for that security hole is already out in the wild. So your WordPress script would be vulnerable even before WordPress releases a fix. Minimizing the time between an update being released and applying that update to your site will help the most.
Apply this same logic to any plugins and themes you have installed on your WordPress site. Plugins can be useful because they can give you additional control of your WordPress site. But if you aren't using a plugin, then don't keep it installed. Delete it from your web hosting space so that it cannot be exploited. Some plugins are developed better than others, so only install plugins that are from reputable developers. Knowing when a plugin is outdated is not as easy as the core WordPress script, but you have to find some system for keeping them up to date if you want to stay secure. This is another reason why you should minimize the number of plugins and themes that you use.
Finally, ensure that your personal computer is being kept up to date and malware-free. If you have a keylogger or other piece of malware running on your personal computer and you log into your WordPress admin panel, then hackers can retrieve your WordPress login that way. With this information in hand, even if your WordPress site stays up to date, hackers can still gain access to your account. Keep your anti-virus software up to date, and keep your malware detection software up to date. Run routine scans. Keep all of the software on your computer up to date (browser, plugins, especially Adobe Flash, etc.). I would really recommend only logging into your WordPress admin panel from your own personal, secured computer, because if you log in from another computer, then you have to call into question the security of that computer as well (what if it has a keylogger installed on it?). If you do have to log in from a separate computer, one that you can't audit the security of, then I would recommend changing your admin panel password as soon as you get home on your personal and secure computer system.
If your website has already been hacked, then you really can't trust the integrity of it any more. What if the hackers left a backdoor somewhere on your web hosting account? They could use that backdoor to gain access to your website at any time. Your web hosting provider might be able to scan and see if any KNOWN backdoors exist on your account, but they can never be 100% certain. This is why taking steps to prevent a hack is better than trying to recover from a hack.
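
One possible "system" for the plugin and theme advice above, as an added example that is not part of the original answer: a script that reads the inventory WP-CLI prints and lists what needs an update and what is installed but inactive. The `WP_PATH` variable, the `triage` function, the action labels and the sample plugin names are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer.
# Reads the CSV produced by:
#   wp plugin list --fields=name,status,update,version --format=csv
#   wp theme  list --fields=name,status,update,version --format=csv
# and prints one action line per item that needs attention.

# triage KIND   (CSV on stdin; KIND is a label such as "plugin" or "theme")
# Slugs and version strings contain no commas, so a plain comma split is enough.
triage() {
  awk -F, -v kind="$1" '
    NR == 1 { next }                       # skip the header row
    $3 == "available" { printf "UPDATE %s %s (installed %s)\n", kind, $1, $4 }
    $2 == "inactive"  { printf "REVIEW-UNUSED %s %s\n", kind, $1 }
  '
}

# Constructed sample inventory (made-up plugin names) for an offline dry run.
sample_plugin_csv() {
  cat <<'EOF'
name,status,update,version
contact-form-example,active,available,5.1.0
old-gallery-example,inactive,available,1.2.3
seo-example,active,none,9.0
unused-slider-example,inactive,none,2.4
EOF
}

# Live run: only when WP-CLI is installed and WP_PATH (assumed variable,
# the directory of the WordPress install) is set. Suitable for a daily cron job.
if command -v wp >/dev/null 2>&1 && [ -n "${WP_PATH:-}" ]; then
  for kind in plugin theme; do
    wp "$kind" list --path="$WP_PATH" \
      --fields=name,status,update,version --format=csv | triage "$kind"
  done
fi
```

An inactive item is flagged for review rather than deleted automatically, since a parent theme or a temporarily disabled plugin may still be needed.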