There is a part of config-sample.php that is headed'Authentication Unique Keys.' Four explanations that appear within the block will be found by you. A hyperlink is clean hacked wordpress site within that section of code.You copy the contents that you return, have to enter that link in your browser, and change the keys you have with the specific keys given by the website. This makes it harder for attackers to rapidly create a'logged-in' dessert for your website.
Don't make the mistake of believing that your web host will have your back so far as WordPress backups go. Not always. It's been my experience that the company may or may not be doing backups while they say that they do. Take that kind of chance?
Harness Scanner goes in search of anything suspicious through the files on your site place, comment and database tables. Additionally, it informs you for plugin names that are odd. It does not remove anything, it simply warns you.
Upgrade if you aren't running the latest version of WordPress. Similar to maintaining my site your door unlocked when you leave for vacation, leaving your why not check here website is.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. Login requests will stop from being permitted after three failed login attempts from a specific IP address for an hour. You may still get into your panel whilst away from your office, and yet you have great protection against hackers, if you do that.