I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
I back up my blogs using a plugin WP DB Backup. I will restore my blog if anything happens. I use WP Security Scan plugin that is free to scan my blog frequently and WordPress Firewall to block asks that are suspicious-looking to fix wordpress malware protection.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, that hides the files from public view.
Fortunately, keeping your WordPress site up-to-date is one of the easiest things you can do. For the past couple of versions, WordPress has included the ability to install automatic updates. Not only that, but sites are notified whenever a new upgrade becomes available.
Note that you should only try this step for setups. If you might like to do it for existing installations, you have to change of the table names inside the database.
However, look at here I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be stopped by that from being permitted from a for an hour or so after three failed login attempts. You can access your mobile while from your office, and yet you have protection against hackers if you accomplish this.