Last year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
I back up my blogs using a plugin WP DB Backup. I will always restore my website if anything happens. I use my blog to be scanned by WP Security Scan plugin that is free regularly and WordPress Firewall to block suspicious-looking requests to fix wordpress malware virus.
Hackers do not have the capability when you got these lined up for your security, to come to a WordPress blog. You can have a WordPress account that provides big bucks from affiliate marketing to you.
Exclude pages - her latest blog This published here plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of pages (which contains, and is usually restricted to, your page navigation menus).
Can you see that folder, what if you go to WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so people can't view what plugins you might have. Someone can use that to get access because if your existing version of WordPress is current, if you're using a plugin or an old plugin with a security hole.
Do your homework and some hunting, but if you're pressed for time and want to get this done once and for all, try the WordPress safety plugin that I use. It is a relief to know that my site (and company!) are secure.