I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Since scare tactics appear to be at the very least start thinking about the problem, or what drives some people to take rename your login url to secure your wordpress website a little more seriously, let me shoot a couple of scare tactics your way.
Backup plug-ins is also important. You want to backup database and all the files so in the event of a sudden attack, you can easily bring back your site like nothing.
Yes, you need to do regular backups of your website. Get the facts I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. If you make additions and changes definitely more. If you make changes multiple times a day, or have a community of people which are in there all the time, a daily backup should be a minimum.
It's really sexy to fan the flames of fear. That's what bloggers and journalists and politicians and public figures do. It's terrific for javascript programmers denver readership and it brings money. Balderdash.
Using a plugin for WordPress security makes sense. WordPress backups will need to be performed on a regular basis. Do not become a victim of not being proactive because!