A half and last year educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
Cloning your website is another level in fix wordpress malware attack that can be useful. Cloning simply means that you've backed up your website to a totally different place, (offline, as in a folder, so as to not have SEO problems) where you can get it at a moment's notice if the need arises.
Well, we're talking about WordPress but what's the sense of doing upgrades and security checks if your computer is at risk of hackers. There are malicious files which can encrypt key loggers in your PC. Regardless of what you do, they can access everything that you type on your computer when this occurs. You can find a good deal of antivirus programs that are good go now . Just look for a credible antivirus program or ask experts about this.
This is very handy plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of failed attempts is reached.
Phrases that were whitelists and black based on which area they appear within, in a page request. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
Don't use wp_ as a prefix for your own databases. Web hosting providers are currently removing that default but if yours does not, fix wp_ to anything but that.