Let me shoot a couple of scare tactics your way since scare tactics seem to be what compels some people to take fix wordpress malware cleanup a little more seriously, or at least start considering the issue.
Also, don't make the mistake reference of believing that your web host will have your back so far as WordPress copies go. Not always. It's been my experience that the company may or might not be doing proper backups, while they say that they do. Why take that kind Discover More of chance?
One step you can take is to delete the default administrator account. This is important because if you do not do it, a user name that they could attempt to crack is known by malicious user.
Take note of your new password for the next see post time you sign in! I suggest the version of the software that is secure *Roboform* to remember your passwords.
Software: If you've installed free scripts like Wordpress, search Google for'wordpress security'. You will get many tips.