There's a portion of config-sample.php that's headed'Authentication Unique Keys.' Four explanations that appear inside the block will be found by you. There's a hyperlink how to fix hacked wordpress site inside that part of code.You copy the contents that you return, have to enter that link in your browser, and change. This makes it harder for attackers to quickly generate a'logged-in' dessert for your website.
Also, don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. It has been my experience that the company may or may not be doing proper backups, while they say they do. Take that kind of chance?
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it can't be found in the main directory. Also, nobody will be able to read the document unless they've SSH or FTP access to your server.
Now we're getting into things. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
Oh . And incidentally, I was talking about plugins. Make sure it's a secure one, when you get a new plugin. Do not install any plugin simply because the owner is her comment is here saying that plugin will allow you to do this or that. Use a test blog to look at the plugin, or perhaps get a software engineer to analyze it carefully. This way is not a threat for your organization or you.