My first step is not one you must take but I was helped by it. I had a fantastic old fashion pity party. I cried and railed against the evil hackers (that where probably 13 and smarter then me.) And then I did before I even started my website, what I should have done. And here is where I would like you to start also. Learn how to protect yourself until you get hacked. The thing about fix malware problem and why so many people recommend because it is really easy to learn, it is. Unfortunately, that can be a detriment to the health of our websites. We need to learn how to put in a safety fence.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress copies go. Not always. It has been my experience that the company may or may not be doing backups while they say they do. Take that kind of chance?
A snap to move top article - If, for some reason, you need to relocate your site, such as a domain name change or a new web host, getting your files at your fingertips can save you oodles of time, headache, and the need for tech help.
As I (our untrue Joe the Hacker) understand, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts that all come with logins and passwords you will need to remember.
Oh . And by the way, I talked click site about plugins. Make sure it's a secure one when you get a new plugin. Do not install any plugin because the owner is saying on his site that plugin can help you do this or that. Maybe use get a software engineer to analyze it carefully, or maybe a test site to look at the plugin. This way is not a threat for you or your business.