If a hacker has gained entry to the admin area of the site, you're pretty much toast whatever you do. In reality, many hackers don't bother uploading plugins (at least not the ones I've seen - and that's quite a few). Instead they focus on gaining access to the server and/or the database - at which point they can directly inject whatever they want into wherever they want. So, later on, if you find an infected plugin, it doesn't mean that the hacker uploaded it "as is". It usually means that the original plugin was OK but that the hacker injected additional coding after it was already on the server.
I do appreciate that there are a minority of rogue themes & plugins out there that are created simply to insert hacker back doors for easier access but I'm not convinced that a blanket ban is the best way to deal with these. The best approach IMO is to take a proactive stance on your site's security generally.
1. Always know what you're uploading and from where (aka Following the Garbage In, Garbage Out policy). If in doubt, stick to wordpress.org for downloads.
2. Secure the site generally by following the advice in Hardening_WordPress.
3. Use strong passwords and guard them with your life. This includes FTP passwords. Many hacks result from "FTP leaks" that give hackers access to your FTP logins. So use SFTP if possible and never store unencrypted passwords on any computer.
4. Scan your own computer regularly for malware or key loggers.
5. If you feel it's really necessary, install a malware scanning plugin on your site. There are a few available from here.
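
Added example (not part of the original post): since an infected plugin is usually a clean plugin with code injected after upload, comparing the installed copy against a fresh download of the same version shows exactly which files were touched. The Python sketch below does that with SHA-256 hashes; the directory names and plugin contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its bytes."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_plugin(installed_dir, pristine_dir):
    """Compare the plugin on the server with a clean copy of the same version."""
    installed, pristine = sha256_tree(installed_dir), sha256_tree(pristine_dir)
    return {
        "modified": sorted(f for f in installed if f in pristine and installed[f] != pristine[f]),
        "added": sorted(f for f in installed if f not in pristine),
        "missing": sorted(f for f in pristine if f not in installed),
    }


def build_demo(base):
    """Constructed sample: a clean plugin and a copy with code appended after upload."""
    base = Path(base)
    clean, live = base / "pristine" / "demo-plugin", base / "live" / "demo-plugin"
    for d in (clean, live):
        (d / "inc").mkdir(parents=True)
        (d / "demo-plugin.php").write_text("<?php\n/* Plugin Name: Demo */\n")
        (d / "inc" / "helpers.php").write_text("<?php\nfunction demo_helper() { return 1; }\n")
    # Simulated tampering: lines appended to an original file, plus a file
    # that the clean release never shipped.
    with open(live / "inc" / "helpers.php", "a") as f:
        f.write("/* constructed marker: injected block */\n")
    (live / "inc" / "cache.php").write_text("<?php /* constructed marker: unexpected file */\n")
    return live, clean


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_demo(tmp)
        return compare_plugin(live, clean)


if __name__ == "__main__":
    for kind, files in run_demo().items():
        print(kind, files)
```

On a real site, point `compare_plugin` at the plugin folder under `wp-content/plugins` and at an unpacked download of the same plugin version; anything listed as modified or added deserves a manual look.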