I have had two WordPress blogs hacked into previously. That was in a time when I was doing almost no internet marketing, and until I found time to handle the situation (weeks later), these sites were penalized at the major search engines. They weren't eliminated, however the ratings were reduced.
Installing the fix wordpress malware removal Scan plugin will check all this for you, and alert you to anything that you may have missed. Additionally, it will tell you that a user named"admin" exists. That is your user name. You can follow a link and find instructions if you desire. Personally, I believe that a strong password is good protection, and because I followed those steps, there have been no successful attacks on the several blogs that I run.
Everything you've worked for will go with it, should the server of your site return. You will make no sales, get no traffic or signups to your website, until you have the website back up again and in short, you're out of business.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make changes and regular additions to your website, definitely more. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
As I (our fictitious Joe the Hacker) understand, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts which all come with logins and passwords you will need to remember.
But realize that security is something you really need to start thinking about. Do not only be explanation the type, consider steps to start protecting yourself. Don't let Joe the Hacker make your life miserable and turn all in creating come crashing down in a matter of seconds, that you've worked so hard.