Hey,
I had a fast look over your project and I think I can help you out by scanning it and find the issue that was exploited by the hacker. In addition to this, in case you have a ssh access to the webhost I can install a version control solution for your website so in case the hackers will attack again, you can redo the website to the initial state with just one command.
Let me know if I can help in any other way,
Paul