I would export posts/pages, scan that file for malware, and rebuild site from scratch...THEN:
I would backup my files and db often - files are backed up after update to WP, update to plugins, or update to theme : site updates...the db needs to be backed up so that site content and settings are not lost.
If a site is hacked or some issue arises, restoring a site from a backup can be quite easy, fixing a hacked site not so much so...
Use strong passwords! having your domain blacklisted or otherwise known to contain malware will lead that domain to be blocked by varying tools that web users rely on.