WordPress provides you security updates but still it is very important to follow additional security steps because it also matters what kind and number of WP themes and plugins you use. You should check your website on regular basis for malicious code, content, links, script etc to avoid getting your site compromised and hacked. This tutorial explains you how you can check your site files and database for malicious content.
Install and activate Exploit Scanner plugn, the plugin provides you a scan that lets you check your WordPress site files, content and even database tables for anything suspicious. This plugin is not a firewall or anything that stops hacking instead it tracks all suspicious things and you remove them yourself or take help from expert developer.
After activation visit its options page and you can set some basic options like Maximum upload Size Number of Files to check per batch and checkbox option for display:none or visibility:hidden files to lookup for hidden spam links. Remember: changing number of files to check per affects scan speed; if you choose a greater number it will take more time to scan; its better to leave it to default value.