Since scare tactics appear to be what compels some people to take fix malware problems free a bit more seriously, or at least start considering the issue, let me shoot a scare tactics your way.
Do not depend on your internet host - Many people depend on their web host to"do all advice that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie with you, rather than from your control.
Exploit Scanner goes through the files on your site database, find more info comment and place tables more info here in search of anything suspicious. You are also notified by it for plugin names. It doesn't remove anything, it simply warns you for threats.
Now we are getting into matters specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You want to set up the database details there.
Using a plugin for WordPress security makes great sense. Backups will need to be carried out on a regular basis. Do not become a victim as a result of not being proactive!