Since scare tactics seem to be what drives some people to take fix wordpress malware attack a bit more seriously, or at the very least start considering the problem, let me shoot a couple of scare tactics your way.
After spending a few days and hitting a few spots around town, I finally find a cafe which provides free, unsecured Wi-Fi and to my pleasure, there are a ton of people sitting around daily connecting their laptops to the"free" Internet services. I use my handy dandy Wi-Fi cracker tool and sit down and log into people's computers. Bear in mind, they content are all on a network.
Maintain control of your online assets - Nothing is worse than having your livelihood in the hands of somebody else. Why take chances with something as important as your website?
Now it's time to register for a new Facebook account and use this individual's name and identity to present as your buddy. After I get it all set up, I'll be emailing you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
Utilizing a plugin for WordPress security only makes sense. Backups will need to be performed on a regular basis. Don't become a victim because of not being proactive!