Since scare tactics appear to be what drives some people to take fix wordpress malware protection a little more seriously, or at the very least start thinking about the issue, let me shoot a scare tactics your way.
If you're among the ones that are proactive, I might find it somewhat harder to crack your password. But if you're one of those responsive ones, I might get you.
There is a section of config-sample.php that is headed"Authentication Unique Keys." There are. There's a hyperlink within try this that section of code. You need to enter that link into your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
Now we are getting into matters specific to WordPress. You have to rename it to config.php and modify the document config-sample.php, when you install WordPress. You will need to set up the database facts there.
The plugin should be updated play nice to stay current with the latest WordPress release and have WordPress cloning and restore capabilities. The ability to clone your site (in addition to regular copies ) can be helpful if you ever need to do an offline website redesign, among other things.