Installing the clean hacked wordpress site Scan plugin alert you to anything that you may have missed, and will check all this for you. It will also tell you that a user named"admin" exists. That is your administrative user name. If you desire you can follow a link and find instructions for changing that title. I personally think that a password is enough protection that is good, and there have been no attacks on the numerous sites that I run since I followed these steps.
The stronger approach, and the one I personally recommend, is to use one of the generation and storage plugins available on your browser. I think after a trial period, you need to pay for it, although RoboForm is liked by people. I use the free version of Lastpass, and I recommend it for those who use Firefox click over here or Internet Explorer. That will generate secure passwords for you.
You should also set the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the one I use, the old standby, but there are lots of them nowadays.
BACK UP your site regularly and keep a copy on your computer and off-site storage. Back, For those who have a very active website. You spend a lot of time and money on your site, don't skip this! The one solution that does it all is BackupBuddy, no back up widgets your documents, plugins and database. Need to move your site this will do it!
There is. People always know where they can login and they also could visit your login form and try out a different combination of user accounts and passwords. In order to prevent this from happening you need to install Login Lockdown. It's a plugin that allows users to attempt to login with a password three times. Following that the IP address will be banned from the server for a certain amount of time.