Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
Ultimately, secure your wordpress site will inform you that there's no htaccess inside the directory. You may put a.htaccess record into this directory if you would like, and you can use it to manage usage of this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the internet.
Protect your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is good for protecting them. Food for thought!
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, if you make regular additions view it now and changes to your website. If you make changes multiple times every day, or have a community of people which are in Check This Out there all the time, a daily backup should be a minimum.
You could also get an SSL Encyption Security to your WordPress blogs. The SSL Security makes encrypted and secure communications with your site. You may also keep the all the cookies and history of communication so that all transactions are listed. Make sure that all your sites get SSL security for maximum protection.
Keep in mind the security of your sites depend on how you handle them. Be sure that you follow these simple tips to prevent hacks and exploits on your own blogs and websites.