By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some secure your wordpress site plugins. In the past , WordPress did have holes but now most of them are filled up.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are easy to guess!
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more, if you make changes and additions to your site. If you have a community of people that are in there all the time, or make changes multiple times a day, a daily backup should browse around here be a minimum.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the file config-sample.php and rename it to config.php. You need to install the database details there.
Free software: If you have installed free scripts like Wordpress, search Google for'wordpress security'. You'll get tips.