I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Backing up your blog regularly also assists in procuring from fix hacked wordpress site hackers. You have to keep a copy of your files hide away in system so you can be confident of your database. This makes you a protected backup files that serves you in times of unexpected down is the machine. Hackers are not as likely to slip from a bonded back up system.
I might find it a little harder to crack your password, if you're among the ones that are proactive. But if you're one of the ones that are reactive, dig this I might just get you.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely, if you make changes and additions to your website. If you make changes multiple times a day, or have a community of people which are in there all the time, a backup should be a minimum.
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. I think this plugin is a good choice and you can use it.
Keep in mind that the security of your sites depend on how you handle them. Be certain that you follow these strategies that are basic to avoid exploits and hacks on your own blogs and sites.