When I was in college, one of my business instructors told us students that one of the biggest barriers to making money in business was procrastination.
Finally, fix wordpress malware will tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file into this directory if you desire, and you can use it to control access to the directory from IP address or address range. Details of how to do this are available on the internet.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress backups go. Not always. It's been my experience that the company may or might not be doing proper backups, while they say they do. Take that kind of chance?
Should you ever wish to migrate your site elsewhere, like a new web host, you'd have the ability to pull this off without a hitch, and also without having to disturb your old site until the new one was set up and ready to roll.
Along with adding a secret key to your wp-config.php read the article document, also consider changing your user password to something that's strong and unique. WordPress will let you know the strength of your password, but include amounts, use upper and lowercase letters, and a great idea is to avoid common phrases. It's also try this website a good idea to change your password regularly - say once every six months.
Do your homework and some searching, but if you are pressed for time and need to get this try the WordPress security plugin that I use. It is a relief to know that my website (and business!) are look what i found secure.