I back my blogs frequently using a free plugin WP DB Backup up. If anything happens I will restore my blog. I use WP Security Scan plugin to scan my blog and WordPress Firewall to block asks that are suspicious-looking to fix hacked wordpress.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, that hides the files out of public view.
You should also place the"Anyone Can Register" in Settings/General to off, and you should have some type of spam plugin. Akismet is the old standby, the one I use, but there are lots of them nowadays.
Can you see that folder, what if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can not see what plugins you have. Someone can use this to get check my site access because even if your current version of WordPress is current, if you are using a plugin or an old plugin using a security hole.
There is another problem you have with WordPress. People why not find out more know they could visit with your login form and where they can login and try out a different combination of passwords and user accounts. In order to prevent this from happening you want to set up Login Lockdown. It is a plugin that lets users attempt to login with a password three times. After view publisher site that the IP address will be banned from the server for a certain timeframe.