Last year and a half taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
Since scare tactics seem to be at the very least start thinking about the problem, or what compels some people to take fix malware problems free a little more seriously, allow me to shoot a scare tactics your way.
The one I personally recommend, and the more powerful approach, is to use one of the generation and storage plugins available for your browser. I believe after a free trial period, you need to pay for it, although Lots of people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages (which includes, and is usually restricted to, your webpage navigation menus).
BACK UP your site and keep a copy on your own computer and off-site storage. Back up every day if you have a website that is very active. You spend a whole lot of money and time on your site, do not skip this! Is BackupBuddy, no back up plugins, widgets, click here to find out more your files and database. Need to move your site this will do it in under a few minutes!
Do your homework and some hunting, but if you are pressed for time and want to get this done once and for all, try the WordPress security plugin that I use. It's a relief to know that my website (and company!) are secure.