What is WordPress cloning and why is it a very useful tool? Most individuals think this is a shady technique for copying websites to garner more link traffic and love, and while that may have been true (and useful!) This is an entirely different endeavor.
The repair hacked wordpress site Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the page from your web host.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are easy to guess!
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely, additional hints if you make changes and frequent additions to your website. If you have a community of people that are in there all the time, or make changes multiple times every day, a backup should be a minimum.
Take note of your new password! I suggest the paid or free version of the protected software *Roboform* to remember your passwords.
Oh . And by the way, I talked about plugins. Make sure it's a safe one when you get a new plugin. Do not install any plugin simply because the owner is saying on his website that plugin can help you do this or that. Use get a software engineer to examine it carefully, or perhaps a test blog to look at the plugin. This way you'll know it is not a threat for your organization or you.