By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to some fix malware problems free plugins. In the past , WordPress did have holes but now most of them are filled up.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, which hides the files Check Out Your URL out of public view.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, if you make additions and changes to your website. If you have a community of people that are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Now it's time use this individual's name and identity to pose as your buddy and to sign up for a new Facebook accounts. After I get it all set up, I'll be telling you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
But realize that online security is something you really need to start thinking about. Do not only be the type that is reactive, consider steps to start protecting yourself. Do not let Joe the Hacker make your life miserable and turn all that you've worked so hard in index creating come crashing down in a matter of seconds.