Most of the times just getting rid of bad code you should make sure you have a clean site and set up a new secure password and dont use the old one.
You should delete all files and reupload them (and make sure that you got all files by makign sure there are no hidden files/folders other than .htaccess). You should get proper protection against bruteforceattacks and bad/failed login lockouts.