I back my blogs using a plugin WP DB Backup up. If anything happens I can always restore my blog. I use my blog to be scanned by WP Security Scan plugin that is free and WordPress Firewall to block requests that are suspicious-looking to fix wordpress malware plugin.
This is fantastic news as it means that there is a community of developers and users who could further enhance the platform. However there is a significant group of people trying to achieve something, there'll always be people who will try to take down them.
Yes, you want to do regular backups More hints of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more if you make additions and changes to your website. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
Take note of your new password! I recommend the free or paid version of the software *Roboform* to remember your passwords.
Those are three things you can do to maintain WordPress safe without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.