Since scare tactics appear to be at the very least start considering the problem, or what compels some people to take fix wordpress malware a bit more seriously, allow me to shoot a scare tactics your way.
Should the server of your site go down, everything you've worked for will go with it. You will make no sales, get signups or no traffic to your site, until you have the website back up again and in short, you are out of business.
This is very handy plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every failed login attempt. You can about his configure the plugin to disable login attempts for a selection of IP addresses when a certain number of failed attempts is reached.
Security plug-ins that were all-Rounder can be thought of as a security checker that was complete. They provide you with information about the possible weaknesses of the website and check and scan the entire website.
These are. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.