I recently came across malware in my WordPress installation even though I am running the latest version of WordPress and not running any other plugin apart from JetPack. I tried removing the malware and updating all the WordPress files only to get infected again a few days after. So Far these steps have mitigated the malware from infecting  and/or penetrating my site.

.htaccess conditions

I added these rules to my .htaccess file. This will append or replace the existing rules of WordPress as well as the WordFence Plugin if you use it,

Installed WordFence Plug-in

I installed WordFence to scan and replace WordPress core files. I only use the free version, though there is a premium version available with more automation features.

Updated passwords and changed DB table prefix

If you haven’t already, I updated all database and user passwords in my current WordPress installation as well as changing the default database table prefix (wp_) to something obscure.