Allow me to shoot a scare tactics your way since scare tactics seem to be what drives some people to take fix wordpress malware attack a bit more seriously, or at least start thinking about the issue.
An easy way to maintain WordPress safe would be to use a few built-in tools. First of all, don't allow people to list the documents run a web host security scan and automatically backup sites your web hosting account.
Maintain control of your assets - Nothing is worse than having your livelihood in the hands of someone else. Why take chances with something as important as your site?
Install the WordPress Firewall Plugin. Stop and this plugin investigates web requests with WordPress-specific heuristics that are easy to identify attacks.
Do not use wp_. Most web hosting providers are removing that default but if look what i found yours doesn't, fix wp_ to anything else but that.