Install the rename your login url to secure your wordpress website Firewall Plugin. This plugin investigates requests that are net to identify and stop attacks that are obvious.
Also, don't make the mistake of believing that your hosting company will have your back so far as WordPress backups go. Not always. It has been my experience that the hosting company may or may not be doing backups while they say they do. Why take that kind of chance?
Is to delete the default administrator account. This is important because if you don't do it, malicious user already know a user name that they could try to crack.
As I (our untrue Joe the Hacker) understand, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts that all include logins and passwords you will need to remember.
You do think about needing security when your site is new but you do need to protect your investment and yourself. Having a site go down and not having the ability to restore it quickly may mean a major loss of customers who won't remember to click to find out more search for your site again later and can't find you. Don't let that happen to you. Back your site up after you get it started, as the website is operational, and schedule backups for as long. That way, you will have peace and WordPress security of mind.