Finally, installing the fix hacked wordpress Scan plugin will check most of this for you, and alert you to anything that you may have missed. Additionally, it will inform you that a user named"admin" exists. That is your administrative user name. You find instructions if you wish and can follow a link. I think that a strong password is good enough protection, and since I followed these steps, there have been no successful attacks on the sites that I run.
No software system is immune to vulnerabilities and bugs. Security holes will be discovered and bad men will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found because their products will be fixed by software sellers that are reliable.
Exploit Scanner goes seeking anything suspicious through the files on your site post, comment and database tables. You look at here now are also notified by it for plugin names that are unusual. It doesn't remove anything, it warns you for threats.
Install the WordPress Firewall Plugin. This plugin investigates web requests to recognize and stop most obvious attacks.
Don't use wp_ as a prefix for your own databases. Web hosting providers are removing that default now but if yours does not, adjust wp_ to anything but Get More Info that.