Since scare tactics appear to be what compels some people to take repair hacked wordpress site a bit more seriously, or at least start considering the issue, allow me to shoot a scare tactics your way.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. It has been my experience that the company may or may not be doing backups, while they say that they do. Why take that kind of chance?
There is a section of config-sample.php that is headed"Authentication Unique Keys." There are. A hyperlink is within that section of code. You want to enter that link in your browser, copy the contents which you get back, and replace the keys you have with the unique, pseudo-random keys provided by the site. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
You can also make a firewall that blocks hackers. From coming to your files, the firewall prevents the hacker. You must also have updated version of Apache. Upgrade your PHP also. It's essential that your system is always browse around here filled with upgrades.
I prefer to use a WordPress plugin to get the work done. Make sure that the plugin you choose is able to do select copies, has restore functionality, and can replicate. Be sure it is often updated to keep pace. There is no use in backing up your data and not working.