I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
The fix wordpress malware Codex has an outline of what permissions are okay. Directory and file permissions can be changed either through an FTP client or within the administrative page from your web host.
Hackers don't have the capability once you got all these lined up for your security to come to your WordPress blog. You can have a WordPress account especially that one that gives you big bucks from affiliate marketing.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely, if you make changes and regular additions to your website. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
You can also make a firewall that blocks hackers from infiltrating your own blogs. From coming into your own files, the hacker is prevented by the firewall. You also have to have version of Apache. Upgrade your PHP as well. It's essential that this post your system is always full of upgrades.
Those are. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.