I back up my blogs using a plugin WP DB Backup. If anything happens I will always restore my blog. I use my site to be scanned by WP Security Scan free plugin and suspicious-looking asks to be blocked by WordPress Firewall to fix wordpress malware virus.
There are many ways to pull this off, and many involve copying and FTPing files, exporting and web re-establishing more and databases. Some of them are very complex, so it is important that you select the one that is right. Then you might want to check into using a plugin for WordPress backups, if you are not of the persuasion.
Exploit Scanner goes through the files on your site place, comment and database tables. You are also notified by it for plugin names that are unusual. It doesn't remove anything, it warns you for threats.
As I (our fictitious Joe the Hacker) understand, people have way too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts which all include logins have a peek at this website and passwords you need to remember.
Change your password, or admin username and your WordPress password and collect and use other WordPress safety tips to keep hackers out!