Great advice, HRG, and already mostly listed in the link I provided that has our step by step guide for this.
I have found that most sites I have seen get exploited were due to unused and un-updated plugins or themes. That's the great thing about Wordfence that we actually remind you as soon as there is an update, so you can go get it. We also maintain a repository of plugins that mirrors what is available on Wordpress and let you know what and how the files were changed. And then we offer to fix them for you, with the bulk repair options.
Monitoring is always a great idea, especially if you are a large site or if you are a small site and forget to check things. Its easy to forget to login and do a little maintenance from time to time. But remember, running a website comes with responsibility, and you have to be diligent to make sure you are not taken advantage of and your site is not hacked.
So, laptitelu, follow the link and go through the steps. Let us know if we can help.
tim