It's also important to change your password and admin username if someone will help you and needs your admin and password username to login to perform the work. Admin username and your password changes, after all of the work is complete. Someone in their business might not be, if the person is trustworthy. Better to be safe than sorry!
Installing the fix malware problem Scan plugin will check all this for you, and alert you to anything that you may have missed. It will also inform you that a user named"admin" exists. That is the administrative user name. If you wish you can follow a link and find instructions for changing that title. Personally, I believe that there is a password good protection, and there have been no attacks on the numerous blogs that I run since I followed those steps.
Don't make the mistake of believing that your hosting company will have your back as far as WordPress copies go. Not always. It's been my experience that the company may or may not be doing backups, while they say that they do. Why take that kind of chance?
First in line is currently creating a smarter password for your account. Passwords must be made with characters and numbers. You make small shifted letters and may combine them. Smarter passwords can be your gateway to zero webpage hackers. Make passwords that are difficult that you can consider.
Can you see that folder, what if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can not view what plugins you might have. Someone can use that to get access because even if your version of WordPress is current, if you are using a plugin or an old plugin using a security hole.
There is another problem you have with WordPress. People know where they can login and they also could visit your login form and try out a different combination of user accounts and passwords. So as to prevent this from happening you need to install Login Lockdown. It is a plugin that lets users try and login with a wrong password three times. Following that the IP address will be banned from the server for a certain timeframe.