If you have a WordPress blog or website, WordPress security must be an issue for you. I'm sure you must have heard about hackers attacking blogs and websites of other people. The damage done by them can be enormous, especially when the particular blog was high page ranked, displaying high in search engines and profitable. It is not the only type of websites attacked by hackers. The reasoning behind their acts can't be explained as logical. They will destroy it for fun. I know stories of people who one day, instead of their website saw a short note informing them that their website has been blocked by Google due to the thread it carries to other internet users. It was a result of hacker attack, who made changes to the website.
Files can easily get lost if you don't have good protection on your site. Some of those files might be stored in your computer and easily replaceable, but what about the rest of them? If you lose them the first time where will you get them out of again? For sites that have been in business for a very long time, fix hacked wordpress site is vital. Long-term sites have a good deal useful content of data and have made a number of files. Recreating all of that are a nightmare, and not something any business owner wants to do.
Is also important. You want to backup database and all the files you can easily bring back your blog like nothing.
Recently, the site of Reuters was murdered by an unknown hacker and published a news article. Their reputation is destroyed because of what the hacker did since Reuters is a news site. Something similar may happen to you if you do not pay attention on the security of your WordPress blog.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it for free and this plugin is a good option.
There is another problem you have with WordPress. People know they could drop by your login form and where they can login and try outside a different combination of user accounts and passwords. In order to stop this from happening you want to set up Login Lockdown. It is a plugin that allows users to try and login with a password three times. Following that the IP address will be banned from the server for a specific amount of time.