Well if your concern is about the theme and data stored in the database, I suggest you also start with a “new install” of the theme.
And as far as the DB goes, I’ve had a similar experience where I took the hacked DB and installed it on my localhost, then exported the wp_users
, wp_usermeta
, wp_posts
, and wp_postmeta
tables ONLY.
Then I did a clean install (on the hosting server) of WP with a NEW DATABASE as well, and imported the wp_users
, wp_usermeta
, wp_posts
, and wp_postmeta
tables into my clean DB. Typically when a site gets hacked and the DB is affected, it’s the wp_options
table that has problems.