There's a portion of config-sample.php that is headed'Authentication Unique Keys.' Four explanations that appear within the block will be found by you. A hyperlink is fix wordpress malware fix within that section of code.You have to enter that link into your browser, copy the contents that you return, and change the keys you have with the specific keys given by the website. This makes it harder for attackers to create a'logged-in' dessert for your site.
The stronger approach, and the one I recommend, is to use one of the password generation and storage plugins available for your browser. I think after a free trial period, you need to pay for it, although RoboForm is liked by people. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate passwords for you.
Is to delete the default administrator account. This is important because if you don't do it, malicious user already know a user name that they could try to crack.
BACK UP your website frequently and keep a copy on your own computer and off-site storage. Back if you have a very active website. You spend a lot of time and money on your site, don't skip this! Is BackupBuddy, no back up your files, widgets, plugins look these up and database. Need to move your website this will do it!
Do your homework and some hunting, but if you are pressed for time and need to get this done find once and for all, try out the WordPress security plugin that I use. It is a relief to know that my website (and business!) are secure.