A half and last year taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Let me shoot a scare tactics your way since scare tactics appear to be what compels some people to take fix wordpress malware attack a bit more seriously, or at the very least start considering the problem.
Strong passwords - Do your best to use a strong password, alpha-numeric. Easy to remember passwords are also easy to guess!
1 thing you can take is to delete the default administrator account. This is critical because if you don't do it, a user name which they could attempt to crack is already known by malicious user.
Now we are my explanation getting into matters. You must rename it to config.php and alter the document config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Oh . And by the way, I talked about plugins. When i thought about this you get a new plugin, make sure it's a secure one. Do not install any plugin because the owner is saying that plugin will allow you to do this or that. Use get a software engineer to analyze it carefully, or maybe a test site to check the plugin. This way isn't a threat his comment is here for you or your organization.