I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
WordPress is a system that is safe but applications has their own flaws and security holes are usually located on WP. This is the reason why WP releases new updates . Once they found any vulnerability, they immediately make some changes and supply a new update . You need to understand the areas where these plug-ins work to help you protect your investment if you wish to know about the best rename your login url to secure your wordpress website plugin .
Hackers don't have the capability to come to a WordPress blog once you got these lined up for your security. You can have a WordPress account which provides big bucks from affiliate marketing to you.
Yes, you want to do regular backups of your website. I recommend at least a weekly web link database backup and a monthly "full" backup. More, if at all possible. Definitely more if you make changes and additions to your website. If you make changes multiple times every day, or have a community of people that are in there all the time, a daily backup should be a minimum.
Take note of your new password! I suggest the paid or free version of the software *Roboform* to remember your passwords.
The plugin should be updated play nice with of your plugins, to stay current with the latest WordPress release and have WordPress cloning and restore capabilities. The ability to clone your site (along with regular backups) can be useful if you ever need to do an offline website redesign, among other things.