I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
secure your wordpress site will even tell you that there's not any htaccess in the directory. You can put a.htaccess file if you wish, and you can use it to control access from IP address to the directory or address range. Details of how to do this are readily available on the internet.
Don't make the mistake of thinking i thought about this that your hosting company will have your back so far as WordPress backups go. Not always. While they say they do, it's been my experience that the hosting company may or might not be doing proper backups. Why take that kind of chance?
Should you ever want to migrate your site elsewhere, like a new hosting company, you'd be able to pull this off without a hitch, and also without having to disturb your old site until the new one was in place and ready to roll.
Note that this last step for setups should try. You'll also need to change all the table names within the database, if you would like to do it for existing installations.
But realize that online security is. Don't just be the type, take steps to begin protecting yourself. Don't let Joe the Hacker make your life miserable and turn everything in creating come crashing down in a matter of moments, that you've worked hard.