Installing the fix wordpress malware scanner Scan plugin alert you to anything that you might have missed, and will check all this for you. It will also inform you that a user named"admin" exists. Needless to say, that is your user name. You can follow a link and find instructions for changing that name, if you desire. I think that a strong password is good protection, and since I followed these steps, there have been no successful attacks on the several sites that I run.
It will start with the pop over to this site basics. Try to use passwords. Use numbers, letters, special characters, and spaces and combine them to make a password that is unique. You could use usernames that are not obvious.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more, if you make changes and additions to your site. If right here you make changes multiple times a day, or have a community of people that are in there find more info all the time, a backup should be a minimum.
Now we're getting into matters specific to WordPress. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to deploy the database facts there.
I prefer using a WordPress plugin to get the job done. Just make sure that the plugin you choose is in a position to do copies, has restore and can clone. Be sure that it is frequently updated to keep pace with all versions of WordPress. There is not any use in backing up your data to a plugin that's out of date, and not functioning.