A half and year taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Finally, fix wordpress malware virus will inform you that there is no htaccess inside the directory. You may place a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Backup plug-ins is also important. You need to backup database and all the files you can bring back your own blog like nothing happened.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make frequent additions and changes to your site. If you have a community of people which are in there all the time, or visit this page make changes multiple times every day, a backup should be a minimum.
Note that you should try this step for new installations. You will also have to change all the table names within the database if you might like to do it for installations.
Bear in mind the safety of your blogs depend on how you handle them. Be certain that you follow these strategies that are basic original site to prevent exploits and hacks on your blogs and websites.