Since scare tactics seem to be what compels some people to take fix wordpress malware protection a bit more seriously, or at least start thinking about the problem, allow me to shoot a couple of scare tactics your way.
Safeguard your login credentials - Don't keep your login credentials where a hacker could find them. Store them offsite, as well as offline. Roboform is for protecting them good . Food for thought!
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it can't be found in the main directory. Also, nobody will have the ability to read the file unless they have SSH or FTP access.
Along with adding a secret key to your wp-config.php file, also consider altering your user password into something that's strong and unique. A good idea is to avoid common phrases, use upper and lowercase letters, and include amounts, although you will be told the strength of your password by wordPress. It's also a good idea to change your password frequently - say once every six months.
There is another problem you click here for more info have with WordPress. People know they could just visit your login form and where they can login and try a different combination of user accounts and passwords outside. In order to prevent this from happening you want to install Login Lockdown. It is a plugin that lets users attempt and login with a password three times. Following that the IP address will be banned from the server for a certain timeframe.