Finally, installing the how to fix hacked wordpress site Scan plugin will check most of this for you, and alert you to anything that you might have missed. It will also tell you that a user named"admin" exists. Needless to say, that is your user name. You can follow a link and find instructions if you wish. Personally, I think that there is a strong password enough protection that is good, and there have been no attacks on the sites that I run, since I followed those steps.
A simple way to maintain WordPress safe is to use a few tools that are built-in. First of all, don't allow people run a web host security scan, to list the documents Go Here in your folders and automatically backup your web hosting account.
This is very useful plugin, protecting you against brute-force password-crack attacks. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
As I (our untrue Joe the Hacker) understand, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts which all come with logins and passwords you will need to remember.
There is another problem you have with WordPress. People always know where they can login and they could drop by your login form and try out a different combination of passwords and user accounts. In order to prevent this from happening you need to set up Login Lockdown. It is a plugin that useful source only allows users to try and login with a wrong password three times. Following that the IP address will be banned from the server for a specific timeframe.