Finally, installing the fix wordpress malware plugin Scan plugin alert you that you might have missed, and will check all this for you. Additionally, it will inform you that a user named"admin" exists. Needless to say, that is your administrative user name. You find instructions if you wish and can follow a link. I think that a password is good protection, and there have been no attacks on the several blogs that I run, since I followed those steps.
Hackers do not have the capability once you got these lined up for your own security, to come to your WordPress blog. You can have a secure WordPress account that gives big bucks from affiliate marketing to you.
You should also set the"Anyone Can Register" in Settings/General to off, and you should have some sort of you can try this out spam plugin. Akismet is the old standby, the one I use, but there are many of them nowadays.
As I (our fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts which all include logins and passwords you will need to remember.
Those are. Set a blank Index.html file in your folders, run your web host security scan and backup your Web Site whole account.