I don't know about you, but I researched to see what others were doing to maintain their blog secure, and when I first secured my WordPress blog, I found so much information I was confused. And some of the data was actually on superstitious or the top. People told me rename this folder, to rename this file and set up these ten plugins. It appeared to be quite a lot of work and effort.
Allow me to shoot a scare tactics your way since scare tactics appear to be what drives some people to take fix wordpress malware protection a bit more seriously, or at the very least start thinking about the issue.
There are ways to pull off this, and many of them involve copying and FTPing files, exporting and re-establishing databases and much more. Some of these are very complicated, so it's imperative that you go for the right one. Then you might want to look into using a plugin for WordPress backups if you are not of the technical persuasion.
Exploit Scanner goes through the files on your website comment database and place tables seeking anything suspicious. It also notifies you for plugin names. It does not remove anything, it warns you for possible threats.
You may extend the plugin features with premium plugins like: Amazon why not try this out S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a fantastic choice and you can use it.
These are some of the things I do to protect my blogs. Thing is they don't require much time to perform. These are easy options, which can be carried out easily.