Installing the how to fix hacked wordpress site Scan plugin alert you that you might have missed, and will check all this for you. It will also inform you that a user named"admin" exists. Needless to say, that is your administrative user name. You find directions for changing that name, if you wish and can follow a link. I think that there is a strong password good enough protection, and there have been no successful attacks on the sites that I run since I followed these steps.
An easy way would be to use a few tools. To begin with, do not allow people run a web host security scan, to list the files in your folders and automatically backup your web hosting account.
For me it's a WordPress plugin. They are drop dead simple to install, have all the functions you need for a task like this, and are relatively cheap, especially when compared to having to employ someone to get this done for you.
Now we are getting into things. Whenever you install WordPress, you need to edit the file config-sample.php and rename it to config.php. You want to set up the database details there.
Change your WordPress explanation admin and password username, or at least your password and collect and use other good WordPress security tips to keep hackers out!