Welcome to using WordPress. I think you’ll like it but there is a small learning curve.
You’re already on the road to Doing It The RIght Way™ because you are thinking about backups, being able to restore, and planning for the worst.
That’s a great start and I think you’re doing fine. ?? Just make sure your backups are stored off of your server too.
I am fellow newbie who needs detailed instructions, I hope you understand? ??
I do and sincerely hope that you (or anyone) do not get hacked and have to deal with that.
This is the often quoted list of articles that get posted when someone is hacked.
You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/
Anything less will probably result in the hacker walking straight back into your site again.
Additional Resources:
Hardening WordPress
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Don’t become intimidated! Those articles are all good but delousing is a lot of work. ??
It’s just that if your site does get compromised then you need to harden your installation and delouse it first. Once that’s done and you’ve validated that your backup is safe then you can worry about restoring it.
