I back my blogs frequently using a free plugin WP DB Backup up. If anything happens I can always restore my blog. I use WP Security Scan plugin to scan my blog and WordPress Firewall to block requests that are suspicious-looking to fix wordpress malware protection.
The one I personally recommend, and the more powerful approach, is to use one additional resources of the password generation and storage plugins available for your browser. I think after a free trial period, you have to pay for it, although many people like RoboForm. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate passwords for you.
Should you ever wish to migrate your site elsewhere, like a new hosting company, you'd be able to pull this off without a hitch, and his response also without needing to disturb your old site until the new one was in place and ready to roll.
Install the WordPress Firewall Plugin. This plugin investigates web requests to recognize and stop most obvious attacks.
Don't use official site wp_. Web hosting providers are removing that default but if yours does not, fix wp_ to anything else but that.