Malware is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access or damage a website without the knowledge of the owner. There are various types of malware including spyware, keyloggers, true viruses, worms, or any type of malicious code that infiltrates your website. Malware is commonly used to compromise passwords in cases such as this.
UPDATE YOUR SCRIPTS, THEMES AND PLUGINS
A common pitfall for many webmasters is to install a forum or blog on their website and then forget about it. Much like taking your car in for a tune-up, it's important to make sure you have all the latest updates for any software program you have installed.
Make a list of all the software (WordPress, Joomla or any other script) and plug-ins used for your website, and keep track of the version numbers and updates. You must perform the updates regularly to prevent malware infections.
NEVER USE NULLED SCRIPTS, THEMES AND PLUGINS
Pick third-party content providers very carefully. If you're considering installing an application provided by a third party, such as a script, widget, counter, or ad network, be sure to exercise due diligence and it's not nulled. While there are many great third-party content on the web (specially nulled scripts), it's also possible for providers to use these applications to push exploits, such as dangerous scripts, towards your visitors. Make sure the application is from a reputable source.
If unsure on which program to use to scan for malware, we have found the following programs to be effective:
Microsoft Security Essentials: http://www.microsoft.com/Security_Essentials/
Spybot S&D: http://www.safer-networking.org/index2.html
No one single anti-malware application will catch 100% of all malware on-the-wild, so scans with two or more reputable malware scanners is recommended.
When changing a password please use good password strength.
Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.