By default, the latest version of WordPress is pretty secure. Anything that might have been added to any fix hacked wordpress site plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but now most of them are filled up.
The approach, and the one I recommend, is to use one of the creation and storage plugins available on your browser. Many people like RoboForm, but I think after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you.
Yes, a knockout post you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. Definitely more if you make frequent this post additions and changes to your website. If you make changes multiple times a day, or have a community of people which are in there all the time, a backup should be a minimum.
You can create a firewall that blocks hackers. From coming into your own files, the hacker is prevented by the firewall. You must also have updated version of Apache. Upgrade your PHP also. It is essential that your system is always filled with upgrades.
However, I advise that you install the Login LockDown plugin rather than any.htaccess controls. Login requests will be ceased by that from being check out this site permitted from a for an hour or so after three unsuccessful login attempts. You can access your admin cell while and yet you have protection against hackers if you accomplish this.