I back my blogs regularly using a plugin WP DB Backup up. I will always restore my website to the settings if anything happens. I use WP Security Scan plugin that is free to scan my site frequently and WordPress Firewall to block requests that are suspicious-looking to fix hacked wordpress.
A simple way would be to use a few built-in tools. First of all, do not allow people run a web host security scan to list the documents in your folders and automatically backup your web hosting account.
Is to delete the default administrator account. This is critical because if you don't do it, malicious user already know a user name which they could try to crack.
Another step to take to make WordPress more secure is to upgrade WordPress. The reason behind this is that weblink there also come fixes for security holes that are old which makes it essential to upgrade early.
Implementing all of the above will take less than an hour to complete, while creating your WordPress website more immune to intrusions. Over 1 million WordPress websites were cracked last year, mainly due to preventable security gaps. Have yourself prepared and you are likely to be on the safe side.