Let me shoot a few scare tactics your way since scare tactics appear to be what drives some people to take fix malware problems free a bit more seriously, or at least start considering the issue.
The stronger approach, and the one I recommend, is to use one of the password creation and storage plugins available on your browser. I believe after a free trial period, you need to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you.
Move your wp-config.php read this post here file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the root directory. Additionally, nobody else will have the ability to read the document unless they have FTP or SSH access to your server.
In addition to adding a secret explanation key to your wp-config.php document, also think about altering your user password to something that is strong and unique. WordPress will tell you the strength of your password, but a good tip is to avoid phrases, use letters, and include amounts. It's also a good idea to change your password frequently - say once.
Always bear in mind that the security of your blogs depend on how you manage them. Be sure that you follow these tips that are simple to avoid exploits and hacks on sites and your blogs.