Over the past year, I have had my wordpress websites hacked twice. I have like four wp sites and all of them are hosted on a shared hosting account (finally moved to a reseller plan).
Needless to say - having your websites hacked is no fun. I had to completely start from scratch both the times. Yes, I do keep database backups but still I had to do a clean install or the malware would keep coming back.
But I seem to have found the solution in a free wp plugin:
WordPress › Better WP Security « WordPress Plugins
I have it running for over 2 months now and it feels so much secure just to have installed it.
You would be surprised to know about the amount of hack attempts that your wp website goes through every day. Here's a screenshot from my Better WP Security back end:
The 404 errors are from "hackers" checking for vulnerable plugins on your wordpress installation.
Also, brute forcing is not very uncommon for wordpress blogs. Here's another screenshot:
Better WP security automatically blocks ip addresses that attempts more than a few bad logins. The plugin also notifies you of any file changes on your server so in case of malware infection - you can easily pin point the files affected and clean up is very much easier.
The plugin also sends you an email everyday with your database backup.
So, do yourself a favor and install this wordpress plugin!