I back my blogs using a plugin WP DB Backup up. I can restore my website to the settings if anything happens. I use my site to be scanned by WP Security Scan plugin that is free regularly and suspicious-looking asks to be blocked by WordPress Firewall to fix wordpress malware attack.
I might find it somewhat more difficult to crack your password, if you're among the ones that are proactive. But if you're one of the ones, I might get you.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more if you make changes and regular additions to your site. If you make changes multiple times a day, or have a community of people which are in there all the time, a backup should be a minimum.
Now we're getting into things. Whenever you install WordPress, you need to edit the document config-sample.php and rename it read the full info here to config.php. You need to set up the database details there.
I prefer to use a WordPress plugin to get the job done. Just make sure is able to do select copies, has restore and can replicate. Be sure that it is frequently updated to keep pace with all versions of WordPress. There's absolutely no use in backing up your data to a plugin that is out of date, and not working.