In my view, the best way to ensure that your fix wordpress malware fix that is is through using a WordPress backup plugin. This is a relatively inexpensive, elegant and easy to use way to be certain that your website is available to you in the event of a disaster.
No software system is resistant to vulnerabilities and bugs. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found, because their products will be fixed by reliable software sellers.
Recently, an unknown visit site hacker hacked the blog of Reuters and posted a fake news article. Their reputation is already destroyed due to what the hacker this post did, since Reuters is a news site. The same thing may happen to you if you do not pay attention.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a good option.
Implementing all of the above will probably take less than an hour to finish, while creating your WordPress website much more immune to intrusions. Over 1 million WordPress websites were last year, largely due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe sites side.