Allow me to shoot a scare tactics your way since scare tactics appear to be what compels some people to take rename your login url to secure your wordpress website a little more seriously, or at the very least start thinking about the problem.
Basically, it all will start with the basics. Try using passwords. Use spaces, numbers, special characters, and letters and combine them to make a password that is unique. You could also use.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more, if you make additions and changes to your website. If you look at these guys make changes multiple times every day, or have a community of people that are in there all the time, a daily backup should be a minimum.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
Just ensure you choose a plugin that's current with the current version and release of WordPress, and which you official source can schedule, restore and clone.