If you do not have good protection on your site files can easily get lost. A few of those files may be saved on your computer and easily replaceable, but what about the rest of them? Where are you going to get them out of again, if you lose the first time to them? Especially secure your wordpress site is vital. Often, long-term sites have made a number of documents and have a lot of data. Recreating that all would be a nightmare, and not something any business owner wants to do.
Safeguard your login credentials - Do not keep your login credentials where a hacker might locate them. Store them off, her comment is here and even offline. Roboform is good for protecting them. Food for thought!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. If you make changes and regular additions to your website, definitely more. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
Now we are getting into things. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You need to deploy the database facts there.
Oh . And by the way, I was talking about plugins. Make sure Homepage it's a safe one, when you get a plugin. Don't install any plugin because the owner is saying that plugin will allow you to do that or this. Maybe use get a software engineer this page to examine it carefully, or maybe a test site to check the plugin. This way you'll know it isn't a threat for you or your organization.