Prevention
IMPORTANT: Always keep your WordPress site, theme and plugins updated at all times. This will ensure any security flaws are addressed.
Keep A Backup Of The Original Files
It's a good idea to keep a directory on your hard drive (or an archive you can extract later) containing all the WordPress files and folders, as well as the Theme you are using and any Plugins. Be sure these are the same versions you currently have installed on your site, but download them from the official WordPress site rather than from your own site. This ensures you have a "clean" copy of all your files. You may also want to save your wp-config.php file before uploading it to your site. Having these files on hand to compare against can help you determine whether your site has been compromised.
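One way to run the comparison described above, shown as an added example that is not part of the original tutorial. It hashes every file in the clean copy and in a downloaded copy of the site, then lists what was modified, what is missing and what is unexpected. The function names, the constructed sample files and the rule that non-PHP files under wp-content/uploads are expected are assumptions of this example.

```python
import hashlib
import os
import tempfile

UPLOADS = "wp-content/uploads/"  # user media lives here; not in a clean download


def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_to_clean(clean_root, site_root):
    """Report site files that differ from, are absent from, or add to the clean copy."""
    clean, site = hash_tree(clean_root), hash_tree(site_root)

    def expected_extra(path):
        # Assumption: uploaded media is normal, but PHP under uploads is not.
        return path.startswith(UPLOADS) and not path.lower().endswith(".php")

    return {
        "modified": sorted(p for p in clean.keys() & site.keys() if clean[p] != site[p]),
        "unexpected": sorted(p for p in site.keys() - clean.keys() if not expected_extra(p)),
        "missing": sorted(clean.keys() - site.keys()),
    }


def demo():
    """Build two small constructed trees (sample data) and compare them."""
    def write(root, rel, data):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as site:
        write(clean, "index.php", b"<?php // core")
        write(clean, "wp-includes/load.php", b"<?php // load")
        write(site, "index.php", b"<?php // core changed")          # altered core file
        write(site, "wp-content/uploads/2024/photo.jpg", b"jpeg")   # normal upload
        write(site, "wp-content/uploads/2024/cache.php", b"<?php")  # PHP in uploads
        return compare_to_clean(clean, site)
```

Any entry under "modified" or "unexpected" is a file to inspect by hand against the clean copy; put your saved wp-config.php in the clean directory so it is compared as well.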
Install and Configure Your WordPress Site Correctly
Be sure to follow the instructions in the Installation part of this tutorial and set up the extra security options for the Configuration. This will help stop some of the common ways bots and malware get into your site.
Be Careful Where You Get Themes and Plugins
Be very careful to use only themes and plugins that are secure. This may be hard to do, which is why we always recommend getting your themes and plugins from the Official WordPress Site. If you obtain themes or plugins from other sites, be sure to do some research to see if others have had problems with the theme or plugin you wish to use. While some themes and plugins may look good, they may also contain malicious code which can cause your site to send spam or be compromised in other ways.