I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything which may have been added to any fix wordpress malware cleanup plugins. Before, WordPress did have holes but most of them are filled up.
Protect your login credentials - Do not keep your login credentials where a hacker could find them. Store them offsite, as well as offline. Roboform is good find more information for protecting them, too. Food for thought!
One thing you can take is to delete the default administrator account. This is critical because if you do not do it, a user name that they could attempt to crack is known by malicious user.
If you aren't running the latest version of WordPress, upgrade now. Like maintaining your door unlocked when you leave for vacation why not try here leaving your site is.
The plugin should be updated play nice with of your other plugins, to remain current with the latest WordPress release and have WordPress cloning more info here and restore capabilities. The ability to clone your website (in addition to regular copies ) can be useful if you ever need to do an offline site redesign, among other things.