I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
By default, the newest version of WordPress is pretty darn secure. Anything that might have been added to some repair hacked wordpress site plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are stuffed up.
Protect your login credentials - Do not keep your login credentials where a hacker could find them. Store them off, as well as offline. Roboform is for protecting them good , also. Food for thought!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make changes and additions to your website. If you make changes multiple times a day, or have a community of people that are in there all the time, a daily backup should be a minimum.
Another step to take to make WordPress more secure is to always upgrade WordPress. The main reason behind this is that there come fixes for security holes making blog here it essential to upgrade early.
Just make sure that you may schedule, and you decide on a plugin that is current with release and the version of WordPress, restore and clone.