By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any fix wordpress malware plugin plugins. In the past , WordPress did have holes but now most of them are stuffed up.
Is also important. You want to backup all the files and database so in case of a sudden attack, you can easily bring your blog back like nothing happened.
For me it's a WordPress plugin. They are drop dead easy to set up, have all the functions you need for a job like this, and are relatively inexpensive, especially when compared to having to employ someone to have this done for you.
Note that you should try this last step for new installations. You will also need to change the table names inside the database if you would like to do it browse around these guys for Homepage existing installations.
Using a plugin for WordPress security makes great sense. WordPress backups need to be performed on a regular basis. Do not become a victim because of not being proactive about your site!