I have had two WordPress blogs hacked into previously. That was at a time when I was doing virtually no internet marketing, and until I found time to deal with the situation (weeks later), these sites were penalized in the major search engines. They weren't eliminated, no matter how the ratings were reduced.
The fix wordpress malware Codex has an outline of what permissions are acceptable. File and directory permissions can be changed through an FTP client or within the page from your hosting company.
Safeguard your login credentials - Don't keep your login credentials where a hacker could find them. Store them off, and even offline. Roboform is good for protecting them, too. Food for thought!
Recently, the blog published a news article and of Reuters was hacked by an unknown hacker. Due to what the hacker did since Reuters is a news website, their reputation is already ruined. Something similar may happen to you in the event you do not pay attention on the security of your WordPress blog.
Can you view that folder what if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people view website can not view what plugins you have. Someone can use that to get access because if your version of WordPress is up to date, if you're using a plugin or an old plugin using a security hole.
Do not use wp_. Web hosting providers are eliminating that default now but if yours doesn't, adjust wp_ to anything else but that.