By default, the latest version of WordPress is pretty secure. Anything that might have been added to any fix wordpress malware attack plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are filled up.
This is great news because it means that there's a community of users and developers that could further improve the platform. Whenever there's a significant group there will always be people who will attempt to take them down.
This is quite handy plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
You can also make a firewall this page that blocks hackers. The hacker is prevented by the firewall from coming to your files. You also have to have version of Apache. Upgrade your PHP. It's essential that your system is always filled with upgrades.
Oh . And incidentally, I was talking about plugins. Make sure it's a safe one, when you get a plugin. Don't install any plugin because the owner is saying that plugin will allow you to do this or that. Maybe use maybe, or a test site to look at the plugin get a software engineer to analyze it. This way isn't a threat for you or your organization.