Every month I get a call from a client whose website has been hacked and they don’t have a backup. They thought their hosting company set up backups for them. You’d think this would be an industry standard practice but like WordPress software updates most of the time you are on your own. The solution is to back them up yourself either through the Control Panel of your host, through a plugin, or through a 3rd party external backup system like managewp.com. I prefer Managewp because it also lets me update my WordPress software/plugins/themes with ease.
If you are not 100% sure that your website is backed up (e.g. you have access to the zip file backups on a daily basis) then stop what you are doing and either contact your host or call me. The saddest days for me are when clients call me with a website that has been hacked and they have no backup. Sure I can clean out the hacked files and remove the virus that caused all the chaos but it’s easier to just use a backup of when the site was fine and then patch up the vulnerability from there. Usually it’s just that the software was out of date and the hackers used that to breach the system.
Don’t lose your website. Contact your host (or any web developer… including me) to make sure you are set up for daily backups and at least weekly updates to your WordPress software.