In my opinion, the best way to ensure your is via the use of a fix hacked wordpress site backup plugin. This is a fairly inexpensive, elegant and easy to use way to make sure your website is available to you.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, that hides the files from public view.
Maintain control of your assets that are online - Nothing is worse than having your livelihood in the hands of someone else. Why take chances with something as important as your website?
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it for free and this plugin is a good choice.
There is another problem you have with WordPress. People know where they can login and additionally they could visit with your login form and try about his outside a different combination of passwords and user accounts. So as to stop this from happening you need to set up Login Lockdown. It's a plugin that only why not try these out lets users try and login with a password three times. Following that the IP address will be banned from the server for a specific amount of time.