Since scare tactics seem to be what drives some people to take fix malware problems free a bit more seriously, or at least start considering the problem, let me shoot a couple of scare tactics your way.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, which hides the files out of public view.
Keeping your WordPress site up-to-date is one of the simplest things you can do. For the last few versions, WordPress has included the ability to set up updates. check this site out Not only that, but sites are notified every time a new upgrade becomes available.
Black and pathological-looking phrases that a knockout post were whitelists based on which field they look within. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Free software: If you've installed scripts search Google for'wordpress security'. You'll get many tips on the best way to create your WP blog protected.