I have had two WordPress blogs hacked into previously. That was in a time when I was doing almost no online marketing, and until I found time to handle the situation (weeks later), these sites were penalized in the major search engines. They weren't eliminated the evaluations were reduced.
By default, the latest version of WordPress is pretty secure. Anything which may have been added to some fix wordpress malware protection plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are filled up.
An easy way would be to use a few tools that are built-in. First of all, do not allow people run a web host security scan, to list the documents in your folders and automatically backup your web hosting account.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which can be my latest blog post checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, more tips here and is usually restricted to, your page navigation menus).
In addition to adding a secret key to your wp-config.php file, also think about changing your user password to something that is strong and unique. WordPress will let you know the strength of your password, but include numbers, use upper and lowercase letters, and a great idea is to avoid phrases. It's also a good idea to change your password frequently - say once every six months.
Don't use wp_. Most web hosting providers are removing that default but if yours doesn't, fix wp_ to anything but that.