I will try to give you some of the best and easiest advice to keep your site off malware and viruses. So what can you do to protect your website?
- Always keep your WordPress updated. You must try to have the latest version of core WordPress. Why? Because most of the updates solve security problems
- Always keep your theme and plugins updated. The same apply for the themes and plugins
- Set a strong password for administrator username
- Try not to use the administrator username as admin
- Install a plugin like Wordfence or iThemes Security. The second one is the best one.
- Check from time to time on administration panel the Users-> All users. Check to see what users have administrator role.
- Try to make your custom URL for login.
- soon more updates