You can buy security plugins to your WordPress blog. There are security plugins out there that promises optimum security for your own blog. One is known as fix wordpress malware cleanup Scan. The system is continuously scanned by this plugin for enhancing the security. So that hackers can't penetrate the system, it also updates the security.
A simple way to maintain WordPress safe is to use a few tools that are built-in. First of all, do not allow people run a web host security scan to list the files in your folders and automatically backup your web hosting account.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely, if you make changes and additions to your website. If you have a community of people that are in there all the time, or make changes multiple times a day, a backup should be a minimum.
BACK UP your website and keep a copy on your computer and storage. For those who have a site that is very active, back. You spend a whole lot of time and money on your website, don't skip this! Is BackupBuddy, no back up your documents, widgets, database and plugins. Need to move your site to another server, this will do more tips here it!
Don't use wp_ as a prefix for your own databases. That default is being eliminated by web hosting providers but if yours doesn't, fix wp_ to anything else but that.