It's also important to change admin username and your password if someone will help you and needs admin username and your password to login to do the work. After all the work is finished, admin username and your password changes. Even if the person is trustworthy, someone in their business may not be. Better to be safe than sorry!
Installing the fix hacked wordpress database Scan plugin will check all this for you, and alert you that you might have missed. It will also inform you that a user named"admin" exists. That is your user name. If you desire you can follow a link and find directions for changing that name. Personally, I believe that there is a password enough protection that is good, and there have been no successful attacks on the sites that I run, because I followed those steps.
The stronger approach, and the one I personally recommend, is to use one of the creation and storage plugins available for your browser. I think after a free trial period, you have to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; you use one master password to log in.
This is quite handy plugin, read the article protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Install the WordPress Firewall Plugin. Stop and this plugin investigates web requests to Website recognize attacks that are most obvious.
Those are. Put a blank Index.html file in your folders, run go now your web host security scan and backup your whole account.