Installing the how to fix hacked wordpress site Scan plugin will check all this for you, and alert you to anything that you might have missed. It will also tell you that a user named"admin" exists. Needless to say, that is your user name. You find instructions if you wish and can follow a link. I personally believe that there is a strong password enough protection that is good, and there have been no attacks on the blogs that I run, since I followed those steps.
I protect an access to important files on the blog's server by placing an index.html file in the particular directory, that hides the files from public view.
One step my explanation you can take is to delete check my site the default administrator account. This is important because if you do not do it, malicious user know a user name that they could attempt to crack.
Black and whitelists phrases based on which field they look within. (unknown/numeric parameters vs. try this out known article bodies, comment bodies, etc.).
I prefer to use a WordPress plugin to get the work done. Just make sure is in a position to do backups that are select, has restore functionality, and can replicate. Be sure that it is often updated to keep pace with all versions of WordPress. There is no use in backing your data up to a plugin that is out of date, and not working.