By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to some fix malware problems free plugins has been considered by the development team of WordPress . Before, WordPress did have holes but most of them are stuffed up.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is for protecting them good . Food for thought!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make additions and changes to your website. If you make changes multiple times a day, or have a community of people which are in there all the time, a daily backup should be a minimum.
So what's the best way? Out of all the possible choices that are available right now, which one is right for go to my site you and which route should you choose?
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. From being allowed after three unsuccessful login attempts from a specific IP address for one hour login requests will stop. If you do so, you can still get into your admin panel whilst away from your office, and yet you have good protection against hackers.