By following some simple steps you can protect your WordPress blog from malware attacks:
1. Always back up all your data
2. Use strong passwords
3. Restrict the number of login attempts to a certain number
4. Avoid using any free themes and plugins, and choose your plugins wisely
5. Hide your WordPress version by adding remove_action('wp_head', 'wp_generator'); to the functions.php file
6. Keep your blog on an updated version of WordPress
7. Use the .htaccess file to hide directory indexes
8. Change the database prefix to something other than “wp_”
9. Change the default username from “admin”
10. Remove unused themes and plugins
11. Set file permissions correctly
12. Create custom secret keys for the wp-config.php file
13. Remove the sample page and post
14. Protect your WordPress admin access
15. Choose the right web host
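
Steps 8, 11 and 12 can be checked from a shell on the server. The script below is an added example, not part of the original list: the function names audit_wp and make_sample_site are hypothetical, the sample install is constructed, and "correct" permissions are assumed to mean at least that nothing is writable by every user on the host.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress directory against steps 8, 11 and 12.

# Build a constructed, deliberately weak sample install in a temp directory.
make_sample_site() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    cat > "$d/wp-config.php" <<'EOF'
<?php
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
EOF
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/wp-config.php"
    chmod 777 "$d/wp-content/uploads"   # deliberately too open
    echo "$d"
}

# Print one finding per line; print nothing when every check passes.
audit_wp() {
    local root="$1" cfg="$1/wp-config.php" n
    [ -f "$cfg" ] || { echo "MISSING wp-config.php"; return 0; }

    # Step 8: prefix still the default. The "." on each side matches ' or ".
    if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
        echo "PREFIX default table prefix wp_ in use"
    fi

    # Step 12: keys left at the placeholder text from wp-config-sample.php.
    n=$(grep -c 'put your unique phrase here' "$cfg" || true)
    if [ "$n" -gt 0 ]; then
        echo "KEYS $n secret keys still set to the placeholder"
    fi

    # Step 11: files or directories writable by "other" (assumed baseline).
    find "$root" ! -type l -perm -0002 -print | sed 's/^/WRITABLE /'
    return 0
}

# Demo run against the constructed sample.
demo=$(make_sample_site)
audit_wp "$demo"
rm -rf "$demo"
```

Point audit_wp at the real document root instead of the sample to check a live install; an empty result means none of the three checks fired.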