Since scare tactics appear to be at the very least start thinking about the problem, or what compels some people to take fix wordpress malware cleanup a bit more seriously, allow me to shoot a scare tactics your way.
The stronger approach, and the one I recommend, is to use one of the generation and storage plugins available for your browser. Lots of people like RoboForm, Homepage but I believe after a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Fortunately, keeping your WordPress website up-to-date is one of the simplest things you can do. For the last few versions, the ability to install updates has been included by WordPress. Not only that, but websites important link are notified every time a new upgrade becomes available.
It's really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money. Balderdash.
Don't use wp_ as a prefix for your databases. Most web hosting providers are removing that default but if yours does not, adjust wp_ to anything else but that.