I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
If you do not have good protection on your site files can easily get lost. A few of those files may be stored on your computer and easily replaceable, but what about the rest of them? If you lose the first time to them where will you get them out of again? Especially for sites that have been in operation for quite a very long time, fix wordpress malware plugin is vital. Often, long-term sites have made a number of documents and have a good deal of data. Recreating that all would be a nightmare, and not something any business owner wants to do.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them off, and even offline. Roboform is very good for protecting them, also. Food for thought!
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely, if you make changes and frequent additions to your site. If you Website have a community of people which are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Note that you should try this last step for new installations. You have to change the table names inside the database if you might like to get it done for installations.
Implementing all the above will probably take less than an hour to complete, while making your WordPress website much more resistant to intrusions. Sites were cracked last year, mainly due to preventable security gaps. Have yourself prepared and you're likely to be on the safe side.