I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Let me shoot a scare tactics your way since scare tactics appear to be what compels some people to take fix wordpress malware removal a bit more seriously, or at the very least start thinking about the issue.
I might find it somewhat harder to crack your password, if you're among the ones that are proactive. But if you're one of those ones that are reactive, I might just get you.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely if you make frequent additions and changes to your site. If you have a community of people which are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
It's really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money to the war chests. Balderdash.
But realize that security is. Do not just be the reactive type, consider steps to start protecting yourself. Do not let Joe the Hacker make your life miserable and turn all in creating come my response crashing down in a matter of moments, that you've worked hard.