how to find the way they hacked my WP site

There are many things that I do to check a possible hack on the site. Changing FTP users/passwords, reinstalling WP, reinstalling themes/plugins, changing user account passwords (especially admin level), change hosting credentials.

I wrote an entry on my own site to remind me (most of the stuff there is my own ‘notes’ to myself). May be helpful: (Not trying to promote my site; there are many googles on how to recover from a hacked site. That link is just my personal list.)