There are countless blogs. Money is being made by some of us and some do not. Many of the bloggers use WordPress at the moment. You need to make certain that your blog is secure.
Cloning your website is another level in fix malware problem which may be useful. Cloning simply means that you've backed up your site to a completely different place, (offline, as in a folder, in order to not have SEO problems) where you can get it in a moment's notice if necessary.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are easy to guess!
Yes, you want to do regular backups of your site. I recommend at least a weekly database you can find out more backup and a monthly "full" backup. More, if possible. Definitely, if you make changes and additions to your site. If you make changes multiple times a day, or have a community of people which are he has a good point in there all the time, a backup should be a minimum.
As I (our fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all come with read logins and passwords you need to remember.
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. From being allowed after three unsuccessful login attempts from a specific IP address for one hour, login requests will stop. If you do so, you may get into your admin panel while and yet you still have good protection against hackers.