It's also important to change admin username and your password if someone will help you with your site and needs admin username and your password to login to perform the work. After all the work is complete, IMMEDIATELY change your password and admin username. Someone in their business might not be if the man is trustworthy. Better to be safe than sorry!
I back my blogs regularly using a plugin WP DB Backup up. I can restore my website to the last settings if anything happens. I use WP Security Scan plugin that is free to scan my blog frequently and requests that are suspicious-looking to be blocked by WordPress Firewall to repair hacked wordpress site.
The approach, and the one I recommend, is to use one of the click site password generation and storage plugins available on your browser. I believe after a trial period, you need to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate secure passwords for you; you then use one master password to log in.
Keeping your WordPress website up-to-date is one of the most easy things you can do. For the past couple of versions, the ability to install updates has been included by WordPress. Not only that, but websites are notified every time a new upgrade becomes available.
Pathological-looking phrases that were whitelists and black based on which area they appear within, in a page request. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
These are only some. Thing is they don't require much time to do. These are also easy options, which can be done easily.