There is a portion of config-sample.php that's led'Authentication Unique Keys.' You will find. A hyperlink is fix malware problem within that section of code.You change the keys you have with the special keys given by the website, copy the contents that you return, and have to enter that link in your browser. That makes it harder for attackers to quickly create a'logged-in' dessert for your site.
Also, don't make the mistake of believing that your web host will have your back so far as WordPress backups go. Not always. While they say like it that they do, it's been my experience that the company may or may not be doing backups. Take that kind of chance?
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Additionally, nobody else will have the ability to read the file unless they've SSH or FTP access to your server.
It's really sexy Our site to fan the flames of fear. That is what bloggers and journalists and politicians and public figures do. It's great for readership and it brings money. Balderdash.
Implementing all of the above official site will probably take less than an hour to complete, while making your WordPress site more resistant to intrusions. Over 1 million WordPress sites were this past year, largely due to preventable security gaps. Have yourself prepared and you are likely to be on the safe side.