Since scare tactics seem to be what compels some people to take repair hacked wordpress site a bit more seriously, or at least start thinking about the issue, let me shoot a few scare tactics your way.
Hackers do not have the capability to come to your WordPress blog once you got all these lined up for your security. You definitely can have a WordPress account especially that one which gives you big bucks from affiliate marketing.
Keep control of your assets - Nothing is worse than getting your livelihood in someone else's hands. Why take chances with something as important as your website?
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a good option and you can use it for free.
There are always going to be risks being online (or even just being alive!) And it's easy to get caught up in the panic. We put the breaks on, when we get visite site caught up in the fear. This isn't a response. Simply take some common sense precautions, then forge ahead. If something bad does happen, it will have to be addressed then and of quaking in your boots 23, no amount will have helped. All is good, web if nothing does and you have not made yourself sick with worry.