Installing the rename your login url to secure your wordpress website Scan plugin will check most of this for you, and alert you that you might have missed. Additionally, it will inform you that a user named"admin" exists. Needless to say, that is the administrative user name. You can follow a link and find directions if you wish. Personally, I believe that there is a password security that is good, and there have been no attacks on the several sites that I run, since I followed those steps.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, that hides the files from public view.
Keep your WordPress Setup to date - One check over here of the simplest and most valuable tasks you can do yourself is to ensure that your WordPress installation is updated. WordPress gives a notice in your dashboard to you, so there's really no reason.
What if you visit WP-Content/plugins, can you view that this content folder? If so, upload this blank Index.html file into that folder as well so people can not see what plugins you might have. Someone can use that to get access because even if your version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole.
Implementing all the above will take less than an hour to complete, while creating your WordPress website more resistant to intrusions. Over 1 million WordPress websites were last year, largely due to preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.