Since scare tactics appear to be what compels some people to take fix wordpress malware protection a bit more seriously, or at least start thinking about the problem, let me shoot a few scare tactics your way.
It's not uncommon for sites to be hacked by a random person today. Actually, even whole domains get hacked. If you aren't a programmer or a programmer, there's absolutely not any way that you will actually understand anything about programming languages or codes. This is the main reason why some of the men and women who do not know anything about codes end up thinking if there are some methods to protect investments and their websites from such hackers.
While it's an odd term, it represents a task that is necessary . We are not only being obsessive-compulsive here: servers go down every day, despite their claims of 99.9% uptime, and use this link if you've had this happen to you, you know the panic is it can cause.
Along with adding a secret key to your wp-config.php file, also consider altering your user password into something that's strong and unique. WordPress will let you know the strength of your password, but a great tip is to avoid common phrases, use letters, and include numbers. It's also a good idea to change your password regularly - say once every six months.
Don't use wp_. Most web hosting providers are removing that default but if yours does not, adjust wp_ to anything but that.