A half and year educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
My first step isn't one you must take but it helped me. I had a fantastic old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And then I did before I started my website, what I should have done. And here is where I would like you to start as well. Learn how to protect yourself before you get hacked. The beautiful thing about fix malware problem and why so many of us recommend because it is easy to learn, it is. Unfortunately, that More Info can also be a detriment to the health of our sites. We have to learn how to put in a safety fence.
After spending a couple of days and hitting a few spots around town, I finally find a cafe that provides free, unsecured Wi-Fi and to my pleasure, there are a ton of people sitting around each day connecting their laptops to the"free" Internet services. I sit down and use my handy dandy cracker tool that is Wi-Fi and log myself into people's computers. Remember, they are all on a shared network.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in the main directory. Additionally, nobody will be able to read the file unless they've FTP or SSH access to your server.
If you're not currently running the latest version of WordPress, upgrade. Similar to keeping your door unlocked when you leave for vacation, leaving your website is.
Free software: If you have installed scripts such as Wordpress, search Google for'wordpress security'. You'll get many tips.