Now since you use PHP on the site took you must ensure that your Host uses the latest version of PHP as older versions could be vulnerable and be exploited.
Changing your passwords to stronger ones would help but you should also speak to your HOST about the fact that your sites was hacked and since it involves PHP do they have the latest version of the PHP software and what can they/you do to help prevent your site being hacked in the future.