Since scare tactics seem to be what drives some people to take fix wordpress malware plugin a bit more seriously, or at the very least start thinking about the problem, let me shoot a scare tactics your way.
The one I recommend, and the approach, is to use one of the creation and storage plugins available for your browser. RoboForm is liked by people, but I think after a trial period, you have to pay for it. I use the free version of their website Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Keep your WordPress Setup to date - One of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress gives you a notice on your dashboard, so there is really no reason not to do this.
BACK UP your site frequently and keep a copy on your computer and off-site storage. For those who have a very active website, back up daily. You spend a whole lot of money and time on your site, don't skip this! The one solution that does it all is BackupBuddy, no other plug-ins back up database, widgets, plugins and your files. Need to move your website to another host, this will do it in less than a couple of minutes!
These are a few of the things I do to secure my blogs. Great thing is that they don't require much time to do. These are easy options, which can be carried out easily.