Cloning your website is another level in fix hacked wordpress that can be useful. Cloning simply means that you've backed up your site to a totally different place, (offline, as in a folder, in order not to have SEO issues ) where you can get it at a moment's notice if the need arises.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is for protecting them good , also. Food for thought!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely if you make regular additions and changes to your site. If you have a community of people that are in there all the time, learn this here now or make changes multiple times every day, a daily backup should be a minimum.
BACK UP your website regularly and keep a copy on your computer and off-site storage. Back For those who have a site that is very active. You spend a whole lot of money and time on your website, do not skip this! Is BackupBuddy, no other plug-ins back up database, widgets, plugins and your documents. Need to move your site to another server, this will do it in under a couple of minutes!
There is. People know they could drop by your login form and where they can login and try outside a different combination of passwords and user accounts. In order to stop this from happening you need to install Login Lockdown. It is a plugin that only allows users to attempt and login with a wrong password three times. After that the IP address will be banned from the server for a specific amount of time.