This is the first step and the most important. Before you make any changes, make sure you back up your entire database. You can do this manually or use an available plugin. I recommend BackupBuddy, which backs up your entire WordPress blog.
Unlike free plugins, which only back up your database, BackupBuddy exports your entire database along with the images, files and whatever else you have in your blog’s content folder. Pretty sweet!
The second crucial step after backing up your blog is to update it to the latest version. You should always make sure that your blog’s version is up to date. The WordPress team creates patches to help fix security holes. Follow the WordPress feed to find out about the latest updates, or you could simply log in to your admin.
The default WordPress login is “admin”, and most hackers know that. We should change this to something else that would be difficult to guess. Something like “rogers12” or “donhoe2” is a good example. The best thing to do is delete the default admin and create a new custom login.
I suggest that you use strong passwords which include upper- and lower-case letters, numbers and symbols. Something like “rockSTAR19!@” or “Anabel2@!” is a great example of a strong password.
Most hackers try to brute-force the password, so if your password is really strong, as I mentioned earlier, you should be fine.
Do not use birthdays, names, pet names or hobbies as passwords. People who are close to you know a little more about you; you don’t want any wild guesses.
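The two password rules above (mix of character types, no personal details) can be checked together before a password is accepted. The following is an added example, not code from the original post or from WordPress; the function names, the character-swap table and the sample profile are assumptions made for illustration.

```python
import re
from datetime import date

# Character types the post asks for in a strong password.
CLASSES = {
    "an upper-case letter": r"[A-Z]",
    "a lower-case letter": r"[a-z]",
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9]",
}

# Undo common character swaps so "B1scu1t" is still recognised as "biscuit".
LEET = str.maketrans("013457@$!", "oieastasi")


def personal_tokens(words, birthday=None):
    """Lower-cased names, pet names and hobbies, plus common birthday spellings."""
    tokens = {w.lower() for w in words if len(w) >= 3}
    if birthday is not None:
        dd, mm = f"{birthday.day:02d}", f"{birthday.month:02d}"
        tokens |= {str(birthday.year), dd + mm, mm + dd}
    return tokens


def check_password(password, words=(), birthday=None):
    """Return a list of problems; an empty list means both rules are met."""
    problems = [f"missing {name}" for name, pattern in CLASSES.items()
                if not re.search(pattern, password)]
    raw = password.lower()
    normalised = raw.translate(LEET)
    for token in sorted(personal_tokens(words, birthday)):
        if token in raw or token in normalised:
            problems.append(f"contains personal detail '{token}'")
    return problems


if __name__ == "__main__":
    # Constructed sample profile: owner's name, pet name, hobby and birthday.
    words, birthday = ("Maria", "Biscuit", "cycling"), date(1987, 4, 12)
    for candidate in ("B1scu1t!1987", "mariamaria", "tRellis#40Qv"):
        print(candidate, "->", check_password(candidate, words, birthday) or "ok")
```

The first sample passes the character-type rule and still fails, because the pet name and birth year survive the character swaps.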