I have had two WordPress blogs. That was at a time when I was doing almost no internet marketing, and until I found time to deal with the situation (weeks later), these sites were penalized in the major search engines. They were not eliminated the evaluations were reduced.
fix malware problems free will also tell you that there is not any htaccess from the directory. You can put a.htaccess file into this directory if you wish, and you can use it to control access to the directory or address range. Details of how to do this are available on the internet.
Also, don't make the mistake of believing that your web host will have that site your back so far as WordPress copies go. Not always. It has been my experience that the company may or might not be doing backups while they say that they do. Take that kind of chance?
You also need to place the"Anyone Can Register" in Settings/General to off, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, but there are lots of them these days.
You can get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your blog. So that all transactions are recorded, you can also keep history of communication and the all of the cookies. Be certain all your sites get SSL security for protection from hackers.
Free software: If you have installed scripts search Google for'wordpress security'. You'll get many tips.