Here is the brief list by our wordpress experts, which will help you clean/avoid the malware on your wordpress sites!
1. Change FTP and admin logins
2. Install wordpress security plugins
3. Change wordpress prefix in the database
4. Rename admin folder so that a hacker can’t reach your admin folder for a forced entry.
5. upgrade wordpress to its latest version
6. upgrade plugins to their latest version
6. Remove inactive themes and plugins
7. Update your server
Finally use complicated passwords and change them often!