Let me shoot a couple of scare tactics your way since scare tactics appear to be what drives some people to take repair hacked wordpress site a little more seriously, or at the very least start considering the problem.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, which hides the files from public view.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely more if you make changes and regular additions to your site. If you have More Help a community of people which are in there all the time, or make changes multiple times every day, a backup should be a minimum.
You can get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your site. You may keep the all of the cookies and history of communication so that all transactions are recorded. Make sure all your blogs get SSL security for protection from hackers.
These are some. Thing is that they don't need much look at this web-site time to perform. These are also simple options, which can be done easily.