Year and a half educated us that WordPress security should not be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
Installing the secure your wordpress site Scan plugin will check most of this for you, and alert you to anything that you may have missed. It will also tell you that a user named"admin" exists. That is your administrative user name. You can follow a link and find directions for changing that title, if you wish. Personally, I believe that a strong password is good security, and because I followed these steps, there have been no attacks on the sites that I run.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. It's been my experience that the company site may or may not be doing proper backups, while they say they do. Why take that kind of chance?
Keep control of your online assets - Nothing is worse than having your livelihood in the hands of someone else. Why take chances with something as important as your site?
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a fantastic choice.
Implementing all the above will probably take less than an hour to finish, while making your WordPress website more immune to intrusions. Over 1 million WordPress sites were this past year, largely due to easily official source preventable security gaps. Have yourself prepared and you're likely to be on the safe side.