Since scare tactics appear to be at the very least start considering the problem, or what compels some people to take fix wordpress malware removal a bit more seriously, let me shoot a scare tactics your way.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, as well as offline. Roboform is good for protecting them. Food for thought!
It's a read this article WordPress plugin. They are drop dead simple to install, have all the features you need for a task like this, and are relatively cheap, especially when compared to having to employ someone to get this done for you.
In addition to adding a secret key to your wp-config.php document, also think about changing your user password to something that's strong and unique. A great idea is to avoid phrases, use letters, and include amounts, although wordPress will Source tell you the strength of your password. It's also a good idea to change your password frequently - say once.
Software: If you have installed free scripts such as Wordpress, search Google for'wordpress security'. You'll get tips on how best to create your WP blog secure.