Have you identified the exploit vector? If not, you may be leaving yourself open to future exploits.
Other things to consider:
- Change WordPress admin user passwords – done
- Change Hosting account user password
- Change FTP passwords
- Change MySQL db user password – done
- Change the db table prefix
- Update your wp-config nonces/salt
- Check your directory/file permissions
- Block directory-browsing access, via .htaccess
- Go through everything in the Hardening WordPress Codex entry
- Go through everything in the FAQ My Site Was Hacked Codex entry
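
A way to check the file-permission and directory-browsing items above on a copy of the site, as an added example that is not part of the original post. The function names, the sample tree and the baseline (nothing looser than 755/644, `wp-config.php` not accessible to other users) are assumptions made for illustration.

```python
import os
import stat
import tempfile

def disables_indexes(htaccess_text):
    """True if an uncommented Options directive carries -Indexes."""
    for line in htaccess_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0].lower() == "options" and "-indexes" in [t.lower() for t in tokens[1:]]:
            return True
    return False

def audit(root):
    """Return sorted (relative_path, problem) findings for a WordPress tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on a symlink itself are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & 0o022:  # assumed baseline: nothing looser than 755 / 644
                findings.append((rel, "group/world-writable (%03o)" % mode))
            if name == "wp-config.php" and mode & 0o007:
                findings.append((rel, "accessible to other users (%03o)" % mode))
    try:
        with open(os.path.join(root, ".htaccess"), errors="replace") as fh:
            listing_blocked = disables_indexes(fh.read())
    except FileNotFoundError:
        listing_blocked = False
    if not listing_blocked:
        findings.append((".htaccess", "no active 'Options -Indexes'"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: loose uploads dir, loose wp-config, commented-out directive."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    layout = {"wp-config.php": 0o644, "index.php": 0o644, ".htaccess": 0o644,
              "wp-content": 0o755, os.path.join("wp-content", "uploads"): 0o777}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            with open(path, "w") as fh:
                fh.write("# Options -Indexes\n" if rel == ".htaccess" else "<?php\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, problem in audit(build_sample_tree()):
        print(f"{rel}: {problem}")
```

Point `audit()` at the real document root instead of the sample tree to get the same report for a live install.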