A half and year educated us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a tempting prey for hackers.
Let me shoot a couple of scare tactics your way since scare tactics appear to be what drives some people to take clean hacked wordpress site a little more seriously, or at least start thinking about the issue.
An easy way would be to use a few tools that are built-in. To begin with, don't allow people run a web host security scan to list the files in your folders and automatically backup your entire web hosting account.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will not appear in any listings of pages (which includes, and is usually limited to, your webpage navigation menus).
Along with adding a secret key to your wp-config.php document, also consider changing your user password into something that's strong and unique. WordPress will tell you the strength of your password, but a great tip is to avoid common phrases, use letters, and include numbers. It's also a good idea to change your password regularly - say once every six months.
The plugin should be updated to remain current with the latest WordPress release, play nice with all your plugins and have WordPress cloning and restore capabilities. The ability to browse around these guys clone check over here your site (along with regular backups) can be useful if you ever want to do an offline site redesign, among other things.