Install the clean hacked wordpress site Firewall Plugin. This plugin investigates net requests with heuristics that are straightforward to recognize and quit attacks that are most obvious.
Safeguard your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them offsite, as well as offline. Roboform is very good for protecting them, also. Food for thought!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. If you make additions and changes definitely more. If you have a community of people that are in there all the time, or make changes multiple times a day, a backup should be a minimum.
You could even get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. So that all transactions are listed, you may my site keep the all the cookies and history of communication. Be certain all your blogs get SSL security for protection.
These are only some. Fantastic thing is they don't need much time to do. These are easy options, which can be done easily.