Installing the fix wordpress malware Scan plugin will check all this for you, and alert you to anything that you might have missed. Additionally, it will inform you that a user named"admin" exists. That is your user name. You can follow a link and find instructions if you desire. I personally think that a strong password is good protection, and since I followed these steps, there have been no attacks on the sites that I run.
Everything you've worked for will go with it should your site's server go down. You'll make no sales, get signups or index no visitors to your site, until you get the website back up 32, and in short, you're out of business.
You also need to set the"Anyone Can Register" in Settings/General to off, and you should have some type of spam plugin. Akismet is the old standby, the one I use, but there are many of them nowadays.
Another step to take to make WordPress more secure is to always upgrade WordPress. The main reason for this is that there come fixes for security holes that are older which makes it essential to upgrade early.
Software: If you have installed scripts that are free such as Wordpress, search Google for'wordpress security'. You will get tips.