I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Cloning your site is another level in repair hacked wordpress site that can be very useful. Cloning simply means that you have backed up your website to a completely different location, (offline, as in a folder, in order to not have SEO issues ) where you can access it at a moment's notice if necessary.
Don't make the mistake of believing that your hosting company will have your back so far as WordPress copies go. Not always. It's been my experience that the company may or may not be doing backups, while they say that they do. Why take that kind of chance?
Yes, you need to do regular backups of your website. More hints I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely more, if you make changes and additions to your site. If you have a community of people which are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
WordPress is one of the most popular platforms for self-hosted blogs and websites. While WordPress is pretty secure from the box, there are always going to be individuals who want to create trouble by finding a way to crack into sites or accounts to cause harm or inject hidden spammy links. That is why it's essential to make sure that your WordPress installation is as safe as possible.
There is another problem you have with wikipedia reference WordPress. People always know where they can login and additionally they could visit with your login form and try outside a different combination of passwords and user accounts. In order to prevent this from happening you want to install Login Lockdown. It is a plugin that lets users attempt and login with a wrong password three times. Following that the IP see this page address will be banned from the server for a specific amount of time.