By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware scanner plugins. In the past , WordPress did have holes but most of them are stuffed up.
Essentially, it will start with the basics. Attempt to use passwords. Use special characters, numbers, letters, and spaces and combine them to make a password that is unique. You could also use usernames that aren't obvious.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages (which includes, and is ordinarily limited to, your page navigation menus).
In addition to adding a secret key to your wp-config.php file, also think about changing your user password into something that's strong and unique. WordPress will let you know the strength of your password, but include numbers, use letters, and a great tip is to avoid phrases. It's also a good idea to change your password frequently - say once every six months.
Oh . And weblink by the way, I talked about plugins. When you get a plugin, make sure it's a safe one. Do not install any plugin simply because the owner is saying on his website that plugin can help you do this or that. Maybe use a test blog to look at the plugin, or maybe get a software engineer to analyze it carefully. This way you'll know it is not a threat for you or your business.