If you don't have good protection on your site, files can easily get lost. A few of those files might be stored in your computer and easily replaceable, but what about the rest of them? If you lose them the first time, where are you going to get them from again? Especially for sites which have been in operation for quite a long time, clean hacked wordpress site is vital. Many times, long-term sites have created a number of documents and have a lot of More Help data. Recreating that all would be a nightmare, and not something any business owner would like to do.
This is fantastic news because it means that there is a community of users and developers who can further improve the platform. However there's a group of people trying to achieve something, there'll always be people who will try to take down them.
1 step you can take is to delete the default administrator account. This is critical because if you don't do it, malicious user already know a user name that they could attempt to crack.
Now we are getting into things specific to WordPress. You must rename it to config.php and alter the file config-sample.php, when you install WordPress. You need blog to set up the database facts there.
These are three things you can do to keep WordPress safe without plugins. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.