When I was in college, one of my business instructors told us students that one of the greatest hurdles to making money in business was procrastination.
Finally, installing the fix wordpress malware attack Scan plugin will check all this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. That is your administrative user name. You find directions if you desire and can follow a link. I believe that there is a password protection that is good, and there have been no successful attacks on the several sites that I run, since I followed these steps.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. It has been my experience that the company may or may not be doing proper backups, while they say that they do. Take that kind of chance?
1 thing you can take is to delete the default administrator account. This is critical because if you do not do it, a user name which they could attempt to crack is already known by malicious user.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You blog here have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all come with logins and passwords you will need to remember.
But realize that security is. Don't just be the reactive type, take action to begin today protecting yourself. Do not let Joe the Hacker make your life miserable and turn everything in creating come crashing down in a matter of seconds that you've worked so hard.