My first step is not one you must take but it helped me. I had a good old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I started my website, what I should have done. And here is where I want you to start. Learn how to protect yourself until you get hacked. The thing about rename your login url to secure your wordpress website and why so many of us recommend because it is easy to learn, it is. That is also a detriment to the health of our sites. We need to learn how to add a security fence around our site.
Well, we are talking about WordPress but what's the sense if your computer is in danger of hackers of doing security checks and upgrades. There are files that can encrypt key loggers. Regardless of what you do, they can access everything that you type on your computer when this occurs. You can find a lot of antivirus programs that are good . Search for a credible antivirus program or ask experts about this.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, if you make changes and frequent additions to your website. If you have a community of people that are in there all the time, or make changes multiple times every day, a backup should be a minimum.
In addition to adding a secret key Get More Information to your wp-config.php file, also consider changing your user password into something that's strong and unique. WordPress will let you know the strength of your password, but include amounts, use upper and lowercase letters, and a good tip is to avoid common phrases. It's also a good idea to change your password regularly - say once every six months.
These are. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.