There are millions of blogs. Some of us are earning money through it and some do not. Many of the bloggers use WordPress at the moment. You need to be sure that your blog is secure.
By default, the latest version of WordPress is pretty secure. The development team of WordPress has considered anything which may have been added to some how to fix hacked wordpress plugins. Before, WordPress did have holes but now most of them are stuffed up.
The one I recommend, and the approach, is to use one of the password creation and storage plugins available for your browser. I think after a free trial period, you need to pay for it, although RoboForm is liked by people. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate secure passwords for you.
You also need to place the"Anyone Can Register" in Settings/General to off, and you ought to have some type of spam plugin. Akismet is the old click for more info standby, the one I use, but there are lots of them nowadays.
Now we are getting into matters specific to WordPress. Whenever you install WordPress, you need to edit the file config-sample.php and rename it to config.php. You need to set up the database information there.
Using a plugin for WordPress security makes great sense. Backups will need to be carried out on a regular basis. Do not become a victim of not being proactive as a result!