Since scare tactics seem to be what compels some people to take fix wordpress malware attack a bit more seriously, or at least start thinking about the issue, allow me to shoot a scare tactics your way.
Backup plug-ins is also significant. You need to backup database and all the files you can easily bring your own site back like nothing happened.
I don't think there's a person out there that after learning how much of a problem WordPress hacking is that it is a good idea to enhance the security of their blogs. Something I've noticed through the years is that when it comes to securing their sites, bloggers seem to be stuck in this reactive state.
Whitelists pathological-looking click site phrases and black based on which area they appear inside. (unknown/numeric parameters vs. known article bodies, comment bodies, etc.).
Oh . And incidentally, I talked about plugins. Make sure it's a safe one when you get a plugin. Don't install any plugin simply because the owner is saying on his site that plugin will allow you to do this or that. Use maybe, or a test site to check the plugin get a software engineer to analyze it. This way you'll know it is not a threat for your organization or you.