In my view, the best way to make sure that your WordPress security is through the use of a clean hacked wordpress site backup plugin. This is a relatively inexpensive, easy and elegant to use way to make sure that your site is accessible to you.
There are ways to pull this off, and many of them involve copying and FTPing files, exporting and re-establishing databases and more. Some of them are very complex, so it is imperative that you go for the one that is right. Then you may want to look into using a plugin for WordPress backups if you are not of the persuasion that is technical.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely, click over here now if you make changes and Read Full Article additions to your site. If you make changes multiple times a day, or have a community of people that are in there all the time, a backup should be a minimum.
Can you view that folder, what if you visit WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can not view what plugins you have. Because even if your existing version of WordPress is up to date, if you're using an old plugin or a plugin using a security hole, someone can use that to get access.
Those are three simple things you can do to keep WordPress safe without plugins. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.