Additionally, it is important to change your password and admin username if someone needs admin username and your password to login to do the job and will help you with your blog. Admin username and your password changes after all the work is finished. Someone in their business may not be if the person is trustworthy. Better to be safe than sorry!
Since scare tactics appear to be what drives some people to take fix wordpress malware cleanup a little more seriously, or at least start considering the issue, allow me to shoot a few scare tactics your way.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress copies go. Not always. It's been my experience that the my site hosting company may or might not be doing backups while they say they Click This Link do. Why take that kind of chance?
Is to delete the default administrator account. This is important because if you do not do it, malicious user know a user name that Continue they could attempt to crack.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it for free and this plugin is a good choice.
Just make sure you choose a plugin that is current with the version and release of WordPress, and that you can schedule, restore and clone.