It's also important to change your password and admin username if you are helped by someone and needs admin username and your password to login to do the job. After all the work is complete, IMMEDIATELY change your password and admin username. Even if the man is trustworthy, someone in their business might not be. Better to be safe than sorry!
I back my blogs regularly using a free plugin WP DB Backup up. I can always restore my blog to the last settings if anything happens. I use my site to be scanned by WP Security Scan free plugin frequently and asks that are suspicious-looking to be blocked by WordPress Firewall to fix wordpress malware fix.
There are ways to pull off this, and a lot involve copying and FTPing files, exporting and re-establishing much more and databases. Some of these are very complicated, so it's important that you select the one that is best. If you're not of the persuasion that is technical, then you may want to check into using a plugin for WordPress backups.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are four definitions that appear within the block. There's a hyperlink within that section of code. You need to enter that link into your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically create view publisher site a"logged-in" cookie for your site.
What if you go to WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file inside that folder as well so people can't view what plugins you might have. Because even if your current version of WordPress is up to date, if you're using a plugin or an old plugin with a security hole, someone can use that to get access.
Oh . And incidentally, I was talking about plugins. When you get a new plugin, make sure it's a safe one. Do not install any plugin just because the owner is saying on his site that plugin will allow you to do that or this. Use get a software engineer to examine it carefully, or perhaps a test site to look at the plugin. This way is not a threat for your organization or you.