By default, the latest version of WordPress is pretty darn secure. Anything which may have been added to any fix malware problems free plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but now most of them are filled up.
Do not depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they don't! Far better to have the responsibility lie rather than from your control.
While it's an odd term, it represents a task that is necessary . We are not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you understand the panic is it can cause.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it for free and this plugin is a fantastic option.
Oh . And incidentally, I was talking about plugins. Make sure it's a safe one when you get a plugin. Don't install any plugin simply because the owner from this source is saying that plugin can help you do this or that. Use maybe, or a test blog to check the plugin get a software engineer to examine it carefully. This way isn't a threat for you or your organization.