By default, the newest version of WordPress is pretty darn secure. Anything which may have been added to any fix wordpress malware protection plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but now most of them are filled up.
The one I recommend, and the approach, is to use one of the creation and storage plugins available on your browser. RoboForm is liked by people, but I believe after a trial period, you have to pay for it. I use the free version of Get More Information Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you.
For me it's a WordPress plugin. They are drop dead easy to install, have all the functions you need for a job such as this, and are relatively inexpensive, especially when compared to having to hire someone to have this done for you.
Whitelists phrases and black based on which area they look within. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
When your site is new, you do think about needing security but you do have to protect yourself and your investment. Having a site go down and not having the ability to restore it quickly can mean a major loss of customers who probably won't remember to search for your website again later and can't find you. Don't let this happen to you. Back up your site as soon as you get it started, as the site is operational, and schedule backups for as long. That way, you will have WordPress security and peace of mind.