I've had two WordPress blogs hacked into previously. That was at a time when I was doing almost no internet advertising, and until I found time to handle the situation (weeks later), these sites were penalized in the main search engines. They weren't eliminated the evaluations were reduced.
Since scare tactics seem to be what compels some people to take secure your wordpress website a bit more seriously, or at least start thinking about the issue, let me shoot a scare tactics your way.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are straight from the source easy to guess!
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is upgraded. WordPress gives you a notice on your dashboard, so there's really no reason not to do this.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. read here You need to install the database details there.
Of course you can set up plugins to make your store like automated plugin or share buttons. That's all. Your store is up and running!