Stop worrying now, your more secure while running self hosted wordpress blogs because there is a wordpress plugin which you can install and keep a clean blog installation. The installation is quite simple which you can download from the wordpress plugins section after the activation of which you dont get many options in the admin unlike other wordpress security plugins.
You are given a check box to select in order to recieve a email after a daily antivirus scan in case there is any virus found on your wordpress files which covers your admin, themes, plugins & images. There is also a feature of manual scanning your templates , after which a report which tells if there is a virus found on your .php files or not. This is a very important plugin if you are worried about virus or iframe injection on your blogs.
# Quick & Dirty: activate, check, done!
# Manual testing with immediate result of the infected files
# Automatic testing with notification
# Whitelist: Mark as no virus