Firstly you'll note wordpress is the actual issue here (as described) - if you want to be worried about something be worried about the insecurity of your actual app. What happened there might not be relevant to your problems (it's extremely likely it isn't)
Does seem odd doesn't it? The attacker has managed to execute arbitrary code in order to retrieve some other arbitrary code and execute it and the solution is block pastebin?
There may be some logic to blocking it if you've absolutely no need for it - as it's (apparently) currently being commonly used as a low tech C&C you do at least block that route, but if enough people do block pastebin it's use as a C&C will drop and the blocking becomes worthless.