Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Since scare tactics seem to be at least start considering the issue, or what drives some people to take fix wordpress malware a bit more seriously, allow me to shoot a scare tactics your way.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, that hides the files out of public view.
It's a WordPress plugin. They are drop dead simple to install, have all the features you need for Web Site a task like this, and are relatively inexpensive, especially when compared to having to employ someone to have this done for you.
Now we are getting into things. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You want to set up the database information there.
Do your homework and some hunting, but if you're pressed for time and want to get this done once and for all, i thought about this try the WordPress safety plugin that I use. It's a relief to know that my website (and business!) are secure.