If your website is already hacked before installing BPS or any security plugins you need to clean up your hacked website and your entire hosting account or restore your website from a good backup that you are sure is 100% clean of any hacker files or code.
You can just click the Root BulletProof Mode Activate button to create a new BPS Root htaccess file, but you should assume the worst case scenario, which is your website and hosting account are hacked/compromised and do the website hack cleanup steps in this forum topic: https://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/ First try to restore your entire website: files and database from a good backup (assuming your backup does not already contain hacker files and/or code).