In my view, the best way to ensure your WordPress security is through using a how to fix hacked wordpress backup plugin. This is a fairly inexpensive, easy and elegant to use way to be sure that your site is accessible to you in case of a disaster.
Is also significant. You need to backup all the files and database you can bring back your own site like nothing happened.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. If you make changes and frequent additions to your site, definitely more. If you make changes multiple times a day, or have a community of people that are in there all the time, a backup should be a minimum.
Security plug-ins can be considered as a full security checker. They provide you with information about the possible weaknesses of the website and scan and check the entire site.
There are always going to be risks being online (or even just being malware attack aurora alive!) Also it's easy to get caught up in the panic. We often put the breaks on, As soon as we get caught up in the panic. This isn't a reaction that is good. Take some common sense precautions, then forge ahead. It will have to be dealt with then, if something bad does happen and no amount of quaking in your will have helped. If nothing does, all is good and you haven't made yourself ill with worry.