A half and year taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything which may have been added to some secure your wordpress website plugins. Before, WordPress did have holes but most of them are filled up.
Strong passwords - Do your best to use a strong password, alpha-numeric. Easy to remember passwords are easy to guess!
Keep control of your assets that are online - Nothing is worse than having your livelihood in somebody else's hands. advice Why take chances with something as important as your website?
Imagine if you go to WP-Content/plugins, can you see that folder? If so, upload that blank Index.html file into that folder as well so people can not see what plugins you have. Because even if your version of WordPress is current, if you're using a plugin or an old plugin with a security hole, then someone can use that to get access.
The plugin should be updated play nice with of see this your other plugins to stay current with the latest WordPress release and have WordPress and restore capabilities. The ability site web to clone your website (in addition to regular copies ) can be helpful if you ever want to do an offline site redesign, among other things.