I have had two WordPress blogs. That was in a time when I was doing virtually no internet advertising, and until I found time to handle the situation (weeks later), these sites were penalized in the main search engines. They were not eliminated, no matter how the ratings were reduced.
By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any fix wordpress malware removal plugins. In the past , WordPress did have holes but most of them are stuffed up.
This is great news as it means that there's a strong community of developers and users who could improve the platform. However there's a group of people trying to achieve something, there will always be people who will try to take them down.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, and is usually restricted to, your page navigation menus).
Can you view that folder what if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can't see what plugins you pop over to this web-site might have. Someone can use this navigate to these guys to get access because even if your version of WordPress is up to date, if you're using a plugin or an old plugin with a security hole.
Change your WordPress password and admin username, or at least your password and collect and use other good WordPress security tips to keep hackers out!