There are millions of blogs. Money is being made by some people through it and some don't. Most of the bloggers use WordPress at the moment. No matter what kind of person you're, you will need to make certain that your blog is secure.
Finally, rename your login url to secure your wordpress website will tell you that there's no htaccess in the directory. You may put a.htaccess file if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are easily available on the net.
Truth is, there is no way to prevent an intrusion, if your own site is targeted by a master of this script. Everything you are about to read below are a few precautionary actions you can take see page to minimize the risk to an acceptable level. Chances are a hacker would prefer picking more easy victim, another if your WordPress site is protected.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. If you make changes and additions to your website, definitely more. If you have a community of people that are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
BACK UP your website and keep a copy on your own computer and off-site storage. Back if you have a site that is very active. You spend a lot of money and time on your website, don't skip this! The one complete solution that does it all is BackupBuddy, no back up your files, widgets, plugins and database. Need to move your website to another host, this will do it!
Do not use wp_. Web hosting providers are removing that default but if yours doesn't, adjust wp_ to anything but that.