Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
In addition to the graphics and text you're creating, you're going to require a protection and backup option for your new website. fix wordpress malware attack is quite important, and if you back up your website and don't protect you could lose important data and information which may be hard to restore. You don't want to have to start over from scratch once you have done all that work, so be sure you're secure.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely if you make additions and changes to your website. If you make changes multiple times every day, or have a community of people which are in there all the time, a backup should be a minimum.
Another step to take to make WordPress secure is to upgrade WordPress. The main click resources reason for this is that with each new update there come fixes for security holes which makes it essential to upgrade early.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed from a certain IP address for one hour. You can access your panel while away from your office, and yet you still have protection against hackers, if you do so.