There is a portion of config-sample.php that's headed'Authentication Unique Keys.' You will find. There's a hyperlink fix wordpress malware virus within that section of code.You copy the contents that you return, must enter that link into your browser, and change. That makes it harder for attackers to create a'logged-in' dessert for your website.
Don't depend on your Web host - Many people rely on their web host to"do all that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie rather than out of your control.
Yes, you need to do regular backups of your website. I recommend try this web-site at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, if you make frequent additions and changes to your site. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
Now we're getting into things specific to WordPress. You must rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to set up the database facts there.
But realize that online security is something you really need to start thinking about. Do not just be the type, take steps to start protecting yourself. Do not let Joe the Hacker make your life miserable and turn all site here that you've worked so hard in creating come crashing down in a matter of seconds.