I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Finally, installing the fix wordpress malware cleanup Scan plugin will check most of this for you, and alert you to anything that you may have missed. Additionally, it will inform you that a user named"admin" exists. That is the user name. If you desire, you can follow a link and find instructions for changing that name. I think that there is a password good enough protection, and there have been no successful attacks on the sites that I run since I followed these steps.
Backup plug-ins is also significant. You need to backup database and all the files you can bring your blog back like nothing happened.
This is very handy plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain index number of attempts is reached.
Along with adding a secret key to your wp-config.php file, also think about changing your user password to something that's strong and unique. WordPress will tell you the strength of your password, but a great tip is to avoid common phrases, use letters, and include amounts. It's also a good idea to change your password frequently - say once every six months.
Software: If you've installed scripts search Google for'wordpress security'. You will get many tips on the best way to make your WP blog secure.