There's a portion of config-sample.php that is headed'Authentication Unique Keys.' You will find four explanations that appear inside the block. There's a hyperlink fix wordpress malware attack inside that part of code.You must enter that link into your browser, copy the contents which you return, and change the keys you have with the specific, pseudo-random keys given by the website. This makes it harder for attackers to quickly create a'logged-in' dessert for your site.
Also, don't make the mistake of thinking that your web host will have your back as far as WordPress copies go. Not always. While they say they do, it has been my experience that the hosting company may or might not be doing backups. Take that kind of chance?
It's a WordPress plugin. They are drop dead easy to set up, over here have all the features you need for a job like this, and are relatively inexpensive, especially when compared to having to employ someone to have this done for you.
Now we're getting into things specific to WordPress. You must rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to deploy the database facts there.
Just make sure you decide on a plugin that is current with release and the version of WordPress, and that you may schedule, restore and clone.