I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
My first step is but I was helped by it. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I started my website, what I should have done. And here is where I want you to start also. Learn hacked. The thing about fix wordpress malware removal and why so many people recommend it is because it is so easy to learn. Unfortunately, that can also be a detriment to the health of our sites. We have to learn how to put in a safety fence.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress copies go. Not always. While they say they do, it has been my experience that the company may or may not be doing proper backups. Why take that kind of chance?
Recently, an unknown hacker hacked the blog of Reuters and published a news article that was fake. Their reputation is ruined because of what the hacker did, since Reuters is a popular news site. Something similar may happen to you in the event you do not pay attention.
Another step to take to make WordPress more secure is to upgrade WordPress. The main reason for this is that with each upgrade there also come fixes for security holes that are old making it essential to upgrade.
However, I recommend that you install the Login LockDown plugin rather than any.htaccess controls. Login requests additional hints will be ceased by that from being permitted from a certain IP-ADDRESS for an hour or so after three failed login attempts. It is still possible to access your mobile while from your workplace, and yet you have great protection against hackers, if you accomplish that.