Since scare tactics appear to be what drives some people to take fix wordpress malware plugin a little more seriously, or at least start thinking about the problem, allow me to shoot a scare tactics your way.
Don't make the mistake of thinking that your web host will have your back so far as WordPress backups go. Not always. It's been my experience i loved this that the hosting company may or might not be doing proper backups while they say that they do. Why take that kind of chance?
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it there if it cannot be found in the root directory. Additionally, nobody else will have the ability to read the document unless they have FTP or SSH access.
Another step to take to make WordPress more secure is to upgrade WordPress. The reason behind this is that there come fixes for security holes that are older making it essential to upgrade.
Just ensure that you may schedule, and you decide on official website a plugin that's current with release and the version of WordPress, restore and replicate.