Allow me to shoot a few scare tactics your way since scare tactics seem to be what drives some people to take fix wordpress malware fix a bit more seriously, or at least start thinking about the issue.
Everything you have worked for will proceed with it should the server of your site return. You will make no sales, get signups or no visitors to your website, until you have the site back up 32, and in short, you are out of business.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of webpages (which contains, and is navigate to this site usually limited to, your webpage navigation menus).
You can create a firewall that blocks hackers. The hacker is prevented by the firewall from coming into your own files. You must also have updated version of Apache. Upgrade your PHP as well. It's essential that your system address is always filled with upgrades.
I prefer find using a WordPress plugin to get the job done. Just make sure is able to do select copies, has restore functionality, and can clone. Be sure that it is often updated to keep pace. There is not any use in not working, and backing up your data to a plugin that is out of date.