Since scare tactics appear to be at least start thinking about the issue, or what compels some people to take fix wordpress malware scanner a little more seriously, let me shoot a couple of scare tactics your way.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
This is quite handy plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Can you view that folder what if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can't see what plugins you might have. Because if your current version of WordPress is current, if you are using a plugin or an old read this plugin More hints using a security hole, someone can use this to get access.
Whenever your website is new, you don't always think about needing security but you do need to protect yourself and your investment. Having a site go down why not try here and not having the ability to restore it can mean a major loss of consumers who won't remember to look for your site later and can't find you. Do not let that happen to you. Back your site up as soon as you get it started, as the website is operational and schedule regular backups for as long. That way, you will have WordPress security and peace of mind.