I back up my blogs regularly using a plugin WP DB Backup. I can always restore my website if anything happens. I use my blog to be scanned by WP Security Scan plugin and asks to be blocked by WordPress Firewall to how to fix hacked wordpress site.
You can look for software that will backup your files and database. If hackers abruptly hack your site, it is easy to restore your website with the use of your backup files and change everything that has to be changed.
You should also set the"Anyone Can Register" in Settings/General to off, and you should have some sort of spam plugin. Akismet is the one I use, the old standby, but there are try this out lots of them nowadays.
Upgrade, if you aren't running the latest version of WordPress. Leaving your website in an old version is similar to maintaining your door unlocked when you leave for vacation.
There are always going to be risks being online (or even just being alive!) And it's easy to get caught up in the panic. When we get caught up in the panic, we put the breaks on. This isn't a reaction that is fantastic. Just take some common sense see page precautions, then forge ahead. If something does happen, it will have to be addressed then and no amount of quaking in your boots before-hand will have helped. All is good, if nothing does and you haven't made yourself sick.