In my view, the best way to ensure your WordPress security is through the use of a how to fix hacked wordpress site backup plugin. This is a fairly inexpensive, easy and elegant official website to use way to make sure that your website is available to you.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress copies go. Not always. see this site It has been my experience that the company may or may not be doing backups, while they say they do. Take that kind of chance?
One thing you can take is to delete the default administrator account. This is critical because if you don't do it, malicious user know a user name which they could try to crack.
You can get an SSL Encyption Security to your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. So that all transactions are listed, you may also keep history of communication and the all the cookies. Be certain that all your sites get SSL security for protection from hackers.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. From being allowed after three unsuccessful login attempts from a certain IP address for an hour login requests will stop. You may get into your panel while and yet you have protection against hackers, if you do so.