By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware plugin plugins. Before, WordPress did have holes but now most of them are filled up.
Do not depend on your internet host - Many official website people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie instead of out of your control.
One thing you can take is to delete the default administrator account. This is important because if you don't do it, malicious user know a user name which they could attempt to crack.
Another step to take to make WordPress secure is to upgrade WordPress. The find more main reason behind this is that with every update there come fixes for security holes which makes it essential to update early.
Change admin username and your WordPress password, or your password and collect and use good WordPress safety tips to keep hackers out!