I have had two WordPress blogs hacked into formerly. That was at a time when I was doing almost no internet marketing, and until I found time to deal with the situation (weeks later), these sites were penalized in the main search engines. They weren't eliminated the ratings were reduced.
Install the fix malware problems free Firewall Plugin. This plugin investigates requests with WordPress-particular heuristics that are straightforward to recognize and stop obvious attacks.
The stronger approach, and the one I recommend, is to use one of the password generation and storage plugins available on your browser. Lots of people like RoboForm, but I believe after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you; you then use one master password to log in.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be visit our website found in the root directory. Additionally, nobody else will be able to read the file unless they've FTP or SSH access to your server.
You may extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a good choice and you can use it.
There are always going to be risks being online (or even just being alive!) Also it's easy to get caught up in the fear. As soon as we get caught up in the fear, we put the breaks on. This isn't a reaction. Take some common sense precautions, then forge ahead. If something does happen, it is going to have to be addressed then and no amount of quaking in your boots before-hand will have helped. If nothing does, all is good and you haven't made yourself ill with worry.