Let me shoot a scare tactics your way since scare tactics seem to be what compels some people to take fix malware problems free a bit more seriously, or at the very least start considering the problem.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, that hides the files from public view.
It's a WordPress plugin. They're drop dead easy to install, have all the features you need for a task like this, and are relatively cheap, especially when read review compared to having to hire someone to have this done for you.
So what's the best way? Out of all the possible choices that are view publisher site available today, which one is right for you personally and which route should you choose?
But realize that online security is something you really need to start thinking about. Don't just be the type, consider steps to start protecting yourself today. Do not let Joe the Hacker make your life miserable and turn all in creating come crashing down in a matter of moments that you've worked so hard.