There are millions of blogs all around the Internet. Some of us are earning money and some do not. Many of the bloggers use WordPress at the moment. You will need to be sure that your blog is protected.
By default, the latest version of WordPress is pretty secure. Anything which may have been added to some repair hacked wordpress site plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are stuffed up.
I protect an access to important files on the blog's server by putting an index.html file in the particular directory, that hides the files from public view.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely, if you make changes and frequent additions to your site. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
If you this website aren't running the latest version of WordPress, upgrade today. Like maintaining your door unlocked when you leave for vacation, leaving your site is.
Change admin username and your WordPress password, or your password, often and collect and use other WordPress security tips to keep hackers out!