Finally, fix hacked wordpress will tell you that there's no htaccess in the directory. You may put a.htaccess file if you desire, and you can use it to control access by IP address to the directory or address range. Details of how to do this are available on the net.
An easy way is to use a few built-in tools. To begin with, do not allow people run a web host security scan to list the documents in your folders and automatically backup your whole web hosting account.
Before you can delete the default admin account, you need to create a user with administrator rights. To do this go to your WordPress Dashboard and click on User -> Create New User. Then enter all of the information you need to enter.
Can you see that folder what if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so click for source people can not view what plugins you have. Someone can use this to get access because even if your version of WordPress is current, if you're using a plugin or an old plugin with a security hole.
The plugin should be updated to stay current with the latest WordPress release, play nice with all your plugins and have WordPress cloning and restore capabilities. The ability to clone your site (in addition to regular backups) can be useful if you ever need to do an offline website redesign, among other things.