I back up my blogs using a plugin WP DB Backup. If anything happens I will restore my blog to the last settings. I use my blog to be scanned by WP Security Scan plugin and suspicious-looking requests to be blocked by WordPress Firewall to clean hacked wordpress site.
It all will start with the basics. Attempt using complex passwords. Use special characters, numbers, letters, and spaces and combine them to create a special password. You could also use usernames that are not obvious.
I don't think there's a person out there that after learning just how much of a problem WordPress hacking is that it's a good idea. Something I've noticed over the years is check that when it comes to securing their blogs, bloggers seem to be stuck in this state.
Pathological-looking phrases that were whitelists and black based on which area they look inside, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
These are three very simple things you can do to keep WordPress secure without plugins. Set a blank click this link Index.html file in your folders, run your web host security scan and backup your whole account.