A half and year taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any fix malware problem plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are stuffed up.
This is great news as it means that there is a strong community of developers and users who can further enhance the platform. However there's a group there'll always be people who will try to take down them.
You should also place the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the a fantastic read one I use, the old standby, but there are many of them these days.
Along with adding a secret key to your wp-config.php file, also consider changing your user password into something that's strong and unique. WordPress will let you know the strength of your password, but a good tip is to avoid common phrases, use upper and lowercase letters, and include numbers. It's also a good idea to change your password regularly - say once every six months.
Implementing all of the above will probably take less than an hour to finish, while creating your WordPress website more immune to intrusions. Over 1 million WordPress sites were cracked this past year, largely due to preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.