There is a part of config-sample.php that's headed'Authentication Unique Keys.' You will find four explanations that appear inside the block. A hyperlink is fix malware problem within that part of code.You copy the contents which you return, have to enter that link into your browser, and change. This makes it harder for attackers to generate a'logged-in' dessert for your site.
The approach, and the one I recommend, is to use one of the password generation and storage plugins available for your browser. People like RoboForm, but I think after a trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate passwords for you; then you use one master password to log in.
What is? Out of all of the possible options you can make, which one should you choose and which one is ideal for you now?
Now we're getting into matters specific to WordPress. You have to rename it to read config.php and modify the document config-sample.php, when you install WordPress. You need to set up the database facts there.
Just ensure you decide on a plugin that is up to date with the current version and release of WordPress, and which you may schedule, restore and clone.