Additionally, it is important to change admin username and your password if someone helps you with your site and needs admin username and your password to login to perform the job. Admin username and your password changes after all the work is finished. Someone in their business might not be, if the man is trustworthy. Better to be safe than sorry!
In my view, the best way to make sure your that is fix wordpress malware plugin is via using a WordPress backup plugin. This is a relatively inexpensive, elegant and easy to use way to be certain your site is available to you in the event of a disaster.
The stronger approach, and the one I personally recommend, is to use one of the generation and storage plugins available for your browser. I think after a free trial period, you need to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you; you use one master see this here password to log in.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more, if you make regular additions and changes to your site. If you have a community of people which are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
Black and whitelists pathological-looking phrases based on which field they appear inside, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
However, I advise that you set up the Login LockDown plugin rather than any.htaccess controls. Login requests will be stopped by that from being permitted from a specific IP-ADDRESS for an hour or so after three failed login attempts. It is still possible to access your admin mobile while from your office, and yet you have good protection against hackers if you accomplish that.