Installing the secure your wordpress site Scan plugin will check most of this for you, and alert you that you might have missed. Additionally, it will inform you that a user named"admin" exists. That is the administrative user name. If you desire you can follow a link and find directions for changing that name. I personally think that a strong password is enough protection that is good, and because I followed those steps, there have been no successful attacks on the blogs that I run.
It all will start with the basics. Attempt to use complex passwords. Use letters, numbers, special characters, and spaces and combine them to create a unique password. You could use usernames that aren't obvious.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. There is a hyperlink inside that part of code. You want to enter that link in here are the findings your browser, copy the contents that you return, and then replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
As I (our fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts that all come with logins and passwords you need to remember.
Using a plugin for WordPress security just makes great sense. Backups need to be carried out on a regular basis. Do not become a victim of not being proactive as a result!