By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to some rename your login url to secure your wordpress website plugins. In the past , WordPress did have holes but most of them are stuffed up.
There are ways to pull this off, and a lot of them involve re-establishing databases and more and FTPing files, exporting and copying. Some of them are very complex, so it is important that you go for the one that is right. If you're not of the persuasion that is technical, then you may want to check into using a plugin for WordPress backups.
Exclude pages - This plugin Go Here adds a checkbox,"include this page in menus", which is checked by default. If you uncheck it, the page will Web Site not appear in any listings of pages (which includes, and is ordinarily restricted to, your webpage navigation menus).
As I (our fictitious Joe the Hacker) understand, people have way too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts that all include logins and passwords you need to remember.
Using a plugin for WordPress security just makes sense. Backups will need to be carried out on a regular basis. Don't become a victim because of not being proactive!