I back my blogs frequently using a plugin WP DB Backup up. If anything happens I can restore my website to the last settings. I use my site to be scanned by WP Security Scan plugin that is free and WordPress Firewall to block requests that are suspicious-looking to rename your login url to secure your wordpress website.
You can search. It is easy to restore your website by means of your backup files and change straight from the source everything that must be changed if hackers abruptly hack your website.
You should also set the"Anyone Can Register" in Settings/General to off, and you should have some type of spam plugin. Akismet is the one I use, the old standby, but there are many of them nowadays.
As I (our untrue Joe the Hacker) know, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts that all include logins and passwords you will need to remember.
Using a plugin for WordPress security just makes great sense. Backups need to be performed on a regular basis. Don't become a victim of not being proactive about your 16, because!