Installing the fix wordpress malware plugin Scan plugin will check all this for you, and alert you that you might have missed. Additionally, it will inform you that a user named"admin" exists. Needless to say, that is the user name. You find instructions for changing that title, if you desire and can follow a link. I personally think that a strong password is enough security that is good, and there have been no attacks on the sites that I run, because I followed those steps.
There are numerous ways to pull this off, and a lot of them involve copying and FTPing files, exporting and re-establishing databases and much more. Some of them are very complicated, so it's important that you select the right one. If you are not of the technical persuasion, then you might want to look into using a plugin for WordPress backups.
Keep control of your assets that are online - Nothing is worse than getting your livelihood in the hands of somebody else. Why take chances with something as important as your site?
Now we are getting into things specific to WordPress. You have to rename it to config.php and discover here modify the document config-sample.php, when you install WordPress. You need to set up the database facts there.
These are. Put a blank Index.html file in your folders, run your web host security scan and backup your entire account.