By default, the newest version of WordPress is pretty secure. Anything which may have been added to some fix wordpress malware plugin plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are stuffed up.
The more powerful approach, and the one I recommend, is to use one of the password creation and storage plugins available for your browser. RoboForm is liked by people, Your Domain Name but I believe after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Should you ever wish to migrate your website elsewhere, such as a new hosting company, you'd be able to pull this off without a hitch, and also without having to disturb your old site until the new one was set up and ready to roll.
As I (our untrue Joe the Hacker) know, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all include logins and passwords you will need to remember.
Just ensure that you may schedule, and you choose a plugin that's current with release and the current version of WordPress, restore and replicate.