Since scare tactics appear to be what compels some people to take fix wordpress malware attack a little more seriously, or at least start considering the problem, allow me to shoot a few scare tactics your way.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, which hides the files from public view.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions which appear within the block. A hyperlink important site is within that part of code. You need to enter that link into your browser, copy the contents which you return, and then replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
As I (our untrue Joe the Hacker) click this site understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, internet hosting, etc. accounts that all come with logins and passwords you need to remember.
Using a plugin for WordPress security makes sense. WordPress backups need to be carried out on a regular basis. Don't become a victim of not being proactive about your 16, as a result!