Let me shoot a scare tactics your way since scare tactics appear to be what compels some people to take secure your wordpress site a little more seriously, or at the very least start thinking about the problem.
Don't make the click for more mistake of believing that your hosting company will have your back as far as WordPress backups go. Not always. It has been my experience that the company may or might not be doing backups, while they say that they do. Why take that kind of chance?
This is quite useful plugin, protecting you against brute-force attacks that are password-crack. It keeps track of the IP address of every check my site login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of failed attempts is reached.
You can make a firewall that blocks hackers from infiltrating your blogs. The hacker is prevented by the firewall from coming into your own files. You also have to have version of Apache. Upgrade your my explanation PHP also. It is essential that your system is always filled with upgrades.
Don't use wp_. Most web hosting providers are removing that default now but if yours does not, adjust wp_ to anything else but that.