Install the fix wordpress malware removal Firewall Plugin. This plugin investigates requests that are net with straightforward heuristics to identify and quit attacks that are obvious.
The one I recommend, and the approach, is to use look these up one of the password generation and storage plugins available for your browser. RoboForm is liked by many people, but I believe after a top article trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate secure passwords for you.
Exclude pages - This plugin provides a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages (which includes, and is ordinarily restricted to, your webpage navigation menus).
Imagine if you go to WP-Content/plugins, can you view that folder? If so, upload this blank Index.html file into see that folder as well so people can't see what plugins you might have. Because even if your current version of WordPress is current, if you are using a plugin or an old plugin with a security hole, then someone can use this to get access.
Do your homework and some hunting, but if you are pressed for time and want to get this done once and for all, try the WordPress security plugin that I use. It's a relief to know that my website (and company!) are secure.