I back my blogs using a free plugin WP DB Backup up. I will restore my blog to the settings if anything happens. I use my blog to be scanned by WP Security Scan plugin that is free frequently and WordPress Firewall to dig this block suspicious-looking requests to fix wordpress malware removal.
A simple way would be to use a few tools that are built-in. First of all, do not allow people my company run a web host security scan, to list the documents in your folders and automatically backup your whole web hosting account.
This is quite useful plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of failed attempts is reached.
Upgrade, if you're not running the latest version of WordPress. Leaving your site is like maintaining your door unlocked when you leave for vacation.
These are three things you why not check here can do to maintain WordPress secure without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your entire account.