I back up my blogs regularly using a free plugin WP DB Backup. If anything happens I will restore my website. I use WP Security Scan plugin that is free to scan my blog regularly and suspicious-looking requests to be blocked by WordPress Firewall to secure your wordpress website.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, that hides the files out of public view.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it there if it cannot be found in the root directory. Also, nobody will have the ability to read the document unless they have FTP or SSH access to your server.
Install the WordPress Firewall article Plugin. Prevent and this plugin investigates web requests with easy WordPress-specific heuristics to recognize attacks that are most obvious.
Do your homework and some searching, but if content you're pressed for time and need to get this done once and for all, try out the WordPress safety plugin that visit here I use. It's a relief to know that my site (and company!) are secure.