Year and a half taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
In my view, the best way to ensure that your that is fix malware problems free is via the use of a WordPress backup plugin. This is a relatively inexpensive, easy and elegant to use way to make sure your site is accessible to you in case of a disaster.
You can look. If hackers explanation suddenly hack your site, you can restore your site by means of your files and change.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of pages (which includes, and is ordinarily limited to, your page navigation menus).
Pathological-looking phrases that were whitelists and black based on which use this link area they appear inside. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Don't use wp_ as a prefix for your databases. That default is being eliminated by web hosting providers but if yours does not, fix wp_ to anything else but that.