There are millions of blogs. Some of us are making money through it and some don't. Most of the bloggers use WordPress at the moment. You will need to make certain that your blog is protected.
Let me shoot a scare tactics your way since scare tactics seem to be what drives some people to take fix wordpress malware attack a little more seriously, or at least start considering the problem.
Do not depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie instead of out of your control.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make frequent additions and changes to your website, definitely more. If you have a community of people which are in there all the time, or make changes multiple times every day, a backup should be a minimum.
In addition to adding a secret key to your wp-config.php file, also consider changing your user password to something that's strong and unique. WordPress will let you know the strength of your password, but include amounts, use letters, and a great idea is to avoid phrases. It's also a good idea to change your password regularly link - say once every six months.
Don't use wp_. Most web hosting providers are currently eliminating that default but if yours does not, fix wp_ to anything else but that.