I have had two WordPress blogs. That was at a time when I was doing almost no online advertising, and until I found time to deal with the situation (weeks later), these sites were penalized in the main search engines. They were not eliminated the ratings were reduced.
By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to any fix wordpress malware plugins. In the past , WordPress did have holes but most of them are filled up.
I protect an access to important files on the site's server by more info here placing an index.html file in the particular directory, that hides the files from public view.
Recently, the blog posted a news article and of Reuters was hacked by an unknown hacker. Their reputation is already destroyed due to what the hacker did, since Reuters is a news site. If you don't pay attention on the explanation security of your WordPress 20, the same thing may happen to you.
Take note of your password! I recommend the version of the secure software *Roboform* to remember your passwords.
Do not use wp_. That default is being eliminated by web hosting providers now but if yours doesn't, fix wp_ to anything but that.