Welcome to the club.
It takes a little time, but it isn't too bad. It's more a personal violation, almost like getting your home burglarized I would imagine.
I can't speak about any so-called security plugins because I haven't used them, but I would think that if it were possible to make Wordpress more secure other than the vulnerabilities as the result of coding errors, that the Wordpress folks would have already incorporated them.
Have you determined that the vulnerability was in Wordpress and not in another area? Were you using an outdated version of Wordpress? That is usually the case when someone gets hacked, as it was in my case.
I had an outdated Joomla installation hacked that I was just using for evaluation purposes and forgot about. There is currently a security alert on Drupal. You can read Wordpress' recommendations if you haven't already.
I have never had any of my own code hacked, either, but Wordpress is much more complicated than anything I have done. Open source is a double-edged sword. You get thousands of hours of work writing code provided for free, but hackers also have access to that code. And because open source scripts are used by a lot of people, if a vulnerability is found hackers are quick to take advantage of it because of the large scale damage they can do.
Getting hacked is one of the risks of using open source and if the risk is too great it is best to write your own code.