It's also important to change your password and admin username if someone needs your password and admin username to login to do the job and will help you. After all of the work is finished, IMMEDIATELY change your password and admin username. If the person is trustworthy, someone in their business may not be. Better to be safe than sorry!
If you don't have good protection on your website Documents can easily get lost. Some of those files may be stored on your computer and easily replaceable, but what about the rest of them? If you lose them the first time, where are you going to get them from again? Especially how to fix hacked wordpress is very important. Many times sites have created a large number of files and have a good deal of data. Recreating that all would be a nightmare, and not something any business owner would like to do.
Don't depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie instead of out of your control.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely if you make changes and frequent additions to your site. If you have a community of people that are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Along with adding a secret key YOURURL.com to your wp-config.php document, also think about altering your user password into something that's strong and unique. A great idea is to avoid phrases, use letters, and include amounts, although wordPress will let you know the strength of your password. It's also a good idea to change your password regularly - say once every six months.
Do your homework and sites some hunting, but if you're pressed for time and want to get this try the WordPress safety plugin that I use. It's a relief to know that my site (and company!) are secure.