I've had two WordPress blogs hacked into formerly. That was in a time when I was doing almost no online advertising, and until I found time to deal with the situation (weeks later), these sites were penalized at the main search engines. They weren't eliminated, no matter how the evaluations were reduced.
The fix wordpress malware attack Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the administrative page from your web host.
Truth is, if a master of this script targets your own site, there is actually no way to stop an intrusion. What you are about to read below are a few precautionary actions you can take to minimize the risk to an acceptable degree. Odds are a hacker would prefer site web picking simpler victim, another, if your WordPress site is protected.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. If you make changes and additions to your site, definitely more. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
Take note of your new password! I recommend the version of the software *Roboform* to remember your passwords.
Of course you can install more plugins to make your shop more user-friendly like automatic plugin or share buttons. That's all. Your store is up and running!