Since scare tactics seem to be at the very least start thinking about the problem, or what compels some people to take fix wordpress malware protection a bit more seriously, allow me to shoot a couple of scare tactics your way.
Hackers don't have the power once you got all these lined up for your own security to go come to your WordPress blog. You definitely can have a WordPress account that gives you big bucks from affiliate marketing.
Keep your WordPress Installation up to date - One of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress gives a notice on your dashboard to you, so there is really no reason.
Phrases that were whitelists and black based on which area get more they appear inside, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
The plugin should be regularly updated to remain current with the latest WordPress release, play nice and have WordPress cloning and restore capabilities. The ability to try this clone your site (along with regular backups) can be helpful if you ever want to do an offline website redesign, among other things.