I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
If you don't have good protection on your site Documents can easily get lost. Some of those files might be saved on your computer and easily replaceable, but what about the rest of them? Where are you going to get them from again, if you lose them the first time? Especially for sites which have been in operation for quite a very long time, fix malware problem is vital. Often sites have a good deal of data and have made a number of documents. Recreating that all would be a nightmare, and not something any business owner wants to do.
Essentially, it all will start with the fundamentals. Try using complex passwords. Use spaces, numbers, special characters, and letters and combine them to create a password. You could use.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if at all possible. Definitely more, if you make regular additions and changes to your site. If you have a community of people that are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a fantastic option and you can use it at Your Domain Name no cost.
Implementing all the above will take less than an hour to complete, while creating your WordPress website much more resistant to intrusions. Websites were this past year, largely due to easily preventable security gaps. Have yourself prepared and you're likely to be on the safe side.