Last year and a half educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
I was helped by it although my first step isn't one you must take. I had a fantastic old style pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me) And I did before I started my site, what I should have done. And here is where I want you to start. Learn hacked. The attractive thing about fix wordpress malware and why so many of us recommend because it is really easy to learn, it is. That is also a detriment to the health of our websites. We have to learn how to put in a security additional info fence.
A simple way would be to use a few tools that are built-in. First of all, don't allow people run a web host security scan, to list the documents in your folders and automatically backup your web hosting account.
Exploit Scanner goes in search of anything suspicious through the files on your site place, comment and database tables. Additionally, it notifies you for odd plugin names. It does not remove anything, it simply warns you for potential threats.
In addition to adding a secret key to your wp-config.php document, also think about altering your user password into something that's strong and unique. WordPress will let you know the strength of your password, but include amounts, use letters, and a good tip is to avoid common phrases. It's also a good idea to change your password regularly - say once.
Do not use wp_ as a prefix for your own databases. Web hosting providers are currently removing that default but if yours does not, fix wp_ to anything else but that.