Let me shoot a scare tactics your way since scare tactics appear to be what drives some people to take secure your wordpress site a little more seriously, or at least start considering the problem.
No software system is immune to vulnerabilities and bugs. Security holes will be discovered and bad men will do their best to exploit them. Keeping your software up-to-date is a fantastic way once security holes are found, because their products will be fixed by software sellers.
This is find more information quite useful plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Can you view that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't view what plugins you might have. Someone can use that to get access because even if your existing version of WordPress is current, if you're using a plugin or an old plugin using a top article security hole.
Of course you can install plugins to make your store like share buttons or automated backup plugin. That's all. Your store is now up and running!