Finally, installing the fix wordpress malware virus Scan plugin will check most of this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. That is your administrative user name. You find directions for changing that name, if you desire and can follow a link. I personally think that there is a strong password good enough security, and there have been no successful attacks on the blogs that I run because I followed those steps.
Backup plug-ins is also significant. You need to backup all the files and database so in the event of a sudden attack, you can easily bring back your blog like nothing happened.
Exclude pages - This plugin adds a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages next page (which includes, and is ordinarily restricted to, your page navigation menus).
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all include logins and passwords you need to remember.
Do your homework and some searching, but if you are pressed for time and want to get this try the WordPress safety plugin that I use. It's a relief to know that my website (and business!) are secure.