I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
In my view, the best way to ensure that your fix wordpress malware attack that is is via the use of a WordPress backup plugin. This is a fairly inexpensive, easy and elegant to use way to be sure your site is available to you.
Truth is, if a master of this script targets your own website, there is no way to stop an intrusion. What you are about to read below are a few precautionary measures you can take to quickly minimize the risk to an acceptable degree. If your WordPress site is well protected chances are a hacker would prefer choosing another victim.
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is upgraded. WordPress provides a notice in your dashboard to visit their website you, so there is really no reason.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think this plugin is a good option and you can use it.
The plugin should be updated to remain current with the latest WordPress release, play nice and have WordPress and restore capabilities. The ability to you could try these out clone your website (along with regular backups) can be useful if you ever want to do an offline site redesign, among other things.