Install the fix wordpress malware virus Firewall Plugin. This plugin investigates requests with simple WordPress-particular heuristics to recognize and stop most obvious attacks.
Don't make the mistake of believing that your hosting company will have your back so far as WordPress backups go. Not always. While they say that they do, it's been my experience that the hosting company may or may not be doing backups. Take that kind of chance?
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions which appear within the block. A hyperlink is within that section of code. You need to enter that link in your browser, copy the contents that you return, and then a fantastic read replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your site.
Note that you should try this step for setups. If you might like to do it you will also need to change all the table names inside the database.
Implementing all the above will take less than an hour to finish, while making your WordPress site much more immune to intrusions. Websites were last year, largely due to preventable security gaps. Have yourself prepared and you are likely to be on the safe side.