Let me shoot a few scare tactics your way since scare tactics appear to be what compels some people to take fix wordpress malware attack a bit more seriously, or at the very least start thinking about the problem.
This is fantastic news because it means that there's a community of developers and users who could further improve the platform. However there's a big group there will always be people who will attempt to take down them.
One step you can take is to delete the default administrator account. This is important because a fantastic read if you do not do it, malicious user know a user name which they could try to crack.
WordPress is one of the most popular platforms for sites and self-hosted sites. While WordPress is pretty secure from the box, there are always going to be people who wish to make trouble by finding a way to try these out split into sites or accounts to cause harm or inject hidden spammy links. That's why it's important to make sure that your WordPress installation is as secure as possible.
Using a plugin for WordPress security makes sense. WordPress backups find more info need to be performed on a regular basis. Don't become a victim as a result of not being proactive about your site!