Also i find in activity log many login failures attempts from another ip. 

This is the first time i see a password protected site. You see nothing, just a id and password.

Not a good idea.

But trying to follow your google links i am able to view the site. strange things.... You have password protected the forum pages.

I doubt if a registered user can hack the site, unless the site is totaly missconfigured. And wpForo probably has nothing to do with the hack. But was it a hack actually? What was the hack? The ammount of users? That is not a hack but spammers with fake accounts.

If your site is well installed and the server secure, all you need is a WP plugin for security. Nothing else.

Thank you for your time, the password protected it's my fault. Now all fine. When the bots appeared in the wpforo forum , all the time i see activity login from differnet ip. They tried to login in wp admin area. Also if you search the name of the website on Google, you will see that the website url appear in another unsafe website forums. I am not very "familiar" and "experienced" with wordpress and i don't know if this is somtheng normal or real danger for readers and also for me. 

Ok then your WP site is not hacked just flooded with fake accounts probably for spam and profiles. wpForo doesn't handle logins and registrations, it is Wordpress that does that.

There are many many plugins to protect you from that. For Wordpress. Captchas, security plugins like Worldfence, you name it.

Also i see your url to chinese profile links. You can disable profile indexing.

But better protect the source of your issues, REGISTRATION or/and LOGIN of bots (if they are a lot, they are bots).