By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware plugins. In the past , WordPress did have holes but now most of them are stuffed up.
A simple way is to use a few tools. To begin with, do not allow people to list the files in your folders, run a web host security scan and automatically backup your entire web hosting account.
It represents a task that is essential while it's an odd term : creating a WordPress backup of your site to work on offline, or in case something should go amiss. We're not simply being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% other uptime, and if you've had this happen to you, you know the panic is it can cause.
As I (our untrue Joe the Hacker) understand, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all include logins and passwords you will need to remember.
Implementing all of the above will probably take less than an hour to finish, while creating your WordPress site more immune to intrusions. Over 1 million WordPress sites were last year, mainly due to easily preventable security gaps. Have yourself prepared and you're likely to be on the safe side.