You can buy security plugins . There are many security plugins out there that guarantees security for your blog. One is called fix wordpress malware protection Scan. This plugin continuously scans the system . So that hackers can't penetrate the system, Additionally, it updates the safety.
The one I recommend, and the stronger approach, is to use one of the password creation and storage plugins available for your browser. RoboForm is liked by many people, but I believe after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make additions and changes to your site, definitely. If you make changes multiple times every day, or have a community of people that are in there all the time, a backup should be a minimum.
All-Rounder security plug-ins can be considered as a complete security checker. They scan and check the whole site and provide you with information concerning the probable weaknesses of the site.
There is. People always know they also could drop by with your login form and where they can login and try outside a different combination of passwords and user accounts. In order to prevent this from happening you want to set up Login Lockdown. It's a plugin that lets users try to anonymous login with a password three times. After that the IP address will be banned from the server for a specific amount of time.