I've had two WordPress blogs hacked into previously. That was in a time when I was doing virtually no internet advertising, and until I found time to handle the situation (weeks later), these sites were penalized in the major search engines. They were not eliminated, no matter how the evaluations were reduced.
Finally, installing the fix wordpress malware cleanup Scan plugin alert you that you might have missed, and will check all this for you. Additionally, it will tell you that a user named"admin" exists. That is your administrative user name. If you wish you can follow a link and find directions for changing that name. Personally, I think that there is a strong password enough protection that is good, and there have been no attacks on the numerous blogs that I run, since I followed those steps.
The one I recommend, and the more powerful approach, is to use one of the password creation and storage plugins available for your browser. I believe after a trial period, you need to pay for it, although RoboForm is liked by Lots of people. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you; you use one master password to log in.
It represents a task that is essential while it's an odd term : making a WordPress copy of your site to work on offline, or in case something should go amiss. We're not only being obsessive-compulsive here: servers go down every day, despite their promises site here of 99.9% uptime, and if you've had this happen to you, you know the fear is it can cause.
As I (our fictitious Joe the Hacker) understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts that all come with logins and passwords you will need to remember.
Implementing all of the above will probably take less than an hour to finish, while creating your WordPress website much more immune to intrusions. Over 1 million WordPress websites were last year, largely due to easily preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.