If a hacker gains access to your wordpress website CMS he first changes the password from the CMS 'Users' area then changes the email address from the CMS 'Settings>General' area. Because of this you completely loose the CMS access. You can neither log in to the CMS nor does 'Lost your password?'