Since scare tactics seem to be what drives some people to take fix wordpress malware removal a little more seriously, or at least start thinking about the problem, allow me to shoot a scare tactics your way.
This is great news as it means that there's a strong community of users and developers who could further enhance the platform. However there is a significant group of people attempting to achieve something, there will always be people who will attempt to take them down.
Harness Scanner goes seeking anything suspicious through the find here files on your site comment database and place tables. You are also notified by it for odd plugin names. It does not remove anything, it warns you for threats.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You need to install the database details there.
There is. People know they could visit your login form and where click for info they can login and try a different combination of passwords and user accounts outside. So as to stop this from happening you want to install Login Lockdown. It is a plugin that only allows users to try to login with a wrong password three times. Following that the IP address will be banned from the server for a certain timeframe.