By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to any fix wordpress malware fix plugins. Before, WordPress did have holes but most of them are filled up.
No software system is resistant to vulnerabilities and bugs. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a fantastic way to stave off attacks, once security holes are found, because their products will be fixed by software vendors.
This is very handy plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of attempts is reached.
Whitelists phrases and black based on which field they look within. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
You don't always consider needing security, when your site is new but you do need to protect your investment and yourself. Having a site go down and not being able to restore it quickly may mean a loss of consumers who probably won't remember to search for your site again later and can not find you. Don't let this happen to you. Back up your site after you get it started, as the site is operational and schedule backups for as long. This way, you'll have peace and her explanation WordPress security of mind.