By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to any secure your wordpress website plugins. In the past , WordPress did have holes but most of them are filled up.
This is great news as it means that there is a community of users and developers who can further enhance the platform. However, whenever there is a group there'll always be people who will attempt to take down them.
Yes, you want to do regular backups of your site. I recommend at least a weekly look these up database backup and a monthly "full" backup. More. If you make regular additions and changes definitely. If you have a community of people which are in there all the time, or make changes multiple times a day, a backup should be a minimum.
Now we are getting into check my site things. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database information there.
I prefer using a WordPress plugin to get the work done. Make sure the plugin you choose is in a position to do select copies, has restore and can replicate. Be sure that it is often updated to keep pace. There's absolutely not any use in not working, and backing up your data to a plugin that's out of date.