You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
By default, the latest version of WordPress is pretty darn secure. Anything which may have been added to some secure your wordpress website plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are stuffed up.
There are numerous ways to pull off this, and many involve copying and FTPing files, exporting and re-establishing databases and much more. Some of these are very complex, so it's important that you go for the right one. Then you may want to check into using a plugin for WordPress backups, if you are not of the persuasion.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more, if you make changes and regular additions to your site. If you make changes multiple times every day, or have a community of people which are in there all the time, a backup should be a minimum.
WordPress is one of the most popular platforms for websites and self-hosted sites. While WordPress is pretty secure out of the box, there are always going to be individuals who want to make trouble by finding a way to crack into sites or accounts to cause harm or inject hidden spammy links. That original site is why it's essential to make sure that your WordPress installation is as secure as possible.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed after three failed login attempts from a certain IP address for one hour. You can still access your panel whilst away dig this from your workplace, and yet you still have great protection against hackers if you do so.