When I was in college, one of my business instructors told us students that one of the greatest barriers to making money was procrastination.
Finally, installing the fix wordpress malware fix Scan plugin will check most of this for you, and alert you that you might have missed. Additionally, it will inform you that a user named"admin" exists. That is your administrative user name. If you desire, you can follow a link and find directions for changing that name. Personally, I believe that a strong password is good enough security, and since I followed those steps, there have been no successful attacks on the several blogs that I run.
Use strong passwords - Do what you can to use a strong password, alpha-numeric. Easy to remember passwords are easy to guess!
You should also place the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, but there are many of them these days.
Now we're getting my sources into things specific to WordPress. You have to rename it to config.php and alter the see this website document config-sample.php, when you install WordPress. You need to set up the database facts there.
Implementing all of the above will probably take less than an hour to finish, while making your WordPress website much more immune to intrusions. Sites were this past year, largely due to easily preventable security gaps. Have yourself prepared and you are likely to be on the safe side.