Year and a half educated us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
My first step is not one you have to take but it helped me. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I started my site, what I should have done. And here is where I want you to start. Learn how to protect yourself before you get hacked. The thing about fix wordpress malware protection and why so many people recommend because it is easy to learn, it is. Unfortunately, that is also a detriment to the health of our websites. We have to learn how to add a security fence around our site.
After spending a few days and hitting several spots around town, I eventually find a cafe which provides free, unsecured click for source Wi-Fi and to my pleasure, there are a ton of folks sitting around each day connecting their laptops to the"free" Internet services. I use my handy dandy cracker tool that is published here Wi-Fi and sit down and log myself. Bear in mind, they're all on a network that is shared.
This is quite useful plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of failed attempts is reached.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests with simple WordPress-specific heuristics to identify attacks.
Do your homework and some hunting, but if you are pressed for time and need to get this done once and for all, try out the WordPress safety plugin that I use. It is a relief to know that my site (and company!) are secure.