By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any secure your wordpress website plugins. Before, WordPress did have holes but most of them are filled up.
This is great news because it means that there's a strong community of users and developers that could enhance the platform. However there is a group of people attempting to achieve something, there will always be people who will try to take down them.
Recently, the blog of Reuters was hacked by an unknown hacker and published a news article that was fake. Their reputation is destroyed due to browse around here what the hacker did, since Reuters is a popular news site. Something similar may happen to you if you do not pay attention.
As I (our untrue Joe the Hacker) understand, people have way too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts which all come with logins and passwords you need to remember.
I prefer using a WordPress plugin to get the work done. Just make sure that the plugin you select is able to do select backups, has restore functionality, and can replicate. Also be sure that it is often updated to keep pace with all versions of WordPress. There's absolutely not any use in not working, and backing up about his your data to a plugin that is out of date.