Finally, installing the fix wordpress malware plugin Scan plugin will check most of this for you, and alert you that you may have missed. Additionally, it will inform you that a user named"admin" exists. That is the user name. You find directions for changing that name, if you wish and can follow a link. I believe that a password is good enough protection, and there have been no successful attacks on the blogs that I run since I followed those steps.
Don't make the mistake of believing that your web host will have your back so far as WordPress check over here backups go. Not always. While they say that they do, it has been my experience that the hosting company may or may not be doing backups. Why take that kind of chance?
You also need to set the"Anyone Can Register" in Settings/General to away, and you ought to have some type of spam plugin. Akismet is the old standby, the one I use, but there are many of them these days.
BACK UP your site and keep a copy on your computer and off-site storage. For those who have a website, back. You spend a whole lot of time and money on your site, don't skip this! The one solution that does it all is BackupBuddy, no back up widgets your documents, plugins and database. Need to move your website this will do it!
The plugin should be regularly updated play nice to remain current with the latest WordPress release and have WordPress cloning and restore capabilities. The ability to clone your site (in addition to regular backups) can be useful if you ever want to do an offline site redesign, among other things.