Since scare tactics seem to be what compels some people to take fix wordpress malware removal a little more seriously, or at the very least start considering the problem, let me shoot a scare tactics your way.
The one I recommend, and the stronger approach, is to use one of the password creation and storage plugins available on your browser. RoboForm is liked by many people, but I believe after a trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you; you then use one master password to log in.
Keeping your WordPress website up-to-date is one of the most easy things you can do. For the last few versions, WordPress has included the ability to set up updates. A new update becomes available.
As I (our see this website untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all include logins and passwords you will need to remember.
Of course it's possible to set up more plugins to make your shop more user friendly like share buttons or backup plugin. That's all. Your shop is now up and running!