Finally, installing the fix wordpress malware removal Scan plugin will check most of this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. That is the administrative user name. If you wish, you can follow a link and find instructions for changing that title. I believe that a password is enough security that is good, and there have been no successful attacks on the sites that I run, because I followed these steps.
The more powerful approach, and the one I personally recommend, is to use one of the password generation and storage plugins available on your browser. I think after a trial period, you need to pay for it, although RoboForm is liked by many people. I use the free version of Lastpass, and I recommend it for those anchor of you who use Internet Explorer or Firefox. That will generate secure passwords for you; then you use one master password to log in.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page won't appear in any listings of webpages (which includes, and is usually limited to, your page navigation menus).
Whitelists pathological-looking phrases and black based on which area they look within. (unknown/numeric parameters vs. known article bodies, remark bodies, etc.).
Change your WordPress password and admin username, or your password visit the site and collect and use good WordPress security tips to keep hackers out!