I don't know about you, but when I was securing my WordPress blog, and I had been researching to see what others were doing to keep their blog secure, I found so much information that I was confused. And some of the data was actually on superstitious or the top. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be quite a bit of energy and work.
I back my blogs regularly using a plugin WP DB Backup up. I will always restore my blog if anything happens. I use WP Security Scan free plugin to scan my blog and WordPress Firewall to block suspicious-looking requests to secure your wordpress website.
No software system is resistant to vulnerabilities and bugs. Security holes will be found and bad men will do their best to exploit them. Keeping your software up-to-date is a good way because software sellers will mend their products once security holes are found.
Yes, you need to do regular backups of your website. I recommend go to this site at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely more if you make changes and frequent additions to your site. If you make changes multiple times a day, or have a community of people that are in there all the time, a backup should be a minimum.
You can get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your site. You can also keep the all of the cookies and history of communication so that all transactions are listed. Be certain all your sites get SSL security for protection.
However, I recommend that you set up the Login LockDown plugin in place of any.htaccess controls. From being permitted after three failed login attempts from a specific IP address for one hour login requests will stop. You may still get into your admin panel whilst away from your office, and yet you still have protection against hackers if you do so.