Installing the fix hacked wordpress site Scan plugin alert you to anything that you might have missed, and will check all this for you. Additionally, it will tell you that a user named"admin" exists. That is the administrative user name. You find instructions for changing that name, if you desire and can follow a link. I personally believe that a password is good security, and there have been no attacks on the numerous blogs that I run because I followed those steps.
A simple way to maintain WordPress safe would be to use a few built-in tools. First of all, do not allow people to list the documents run a web host security scan and automatically backup your web hosting account.
In case you ever wish to migrate your website elsewhere, like a new hosting company, you'd have the ability to pull this off without a hitch, and also without needing to disturb your old site until the new one was set up and ready to roll.
Pathological-looking phrases that were whitelists and black based on which area they look within. (unknown/numeric parameters vs. known post bodies, linked here comment bodies, etc.).
Just make sure that you can schedule, and you decide on a plugin that is current with release and the current version of WordPress, restore and clone.