Since scare tactics seem to be at the very least start thinking about the problem, or what compels some people to take secure your wordpress website a bit more seriously, let me shoot a scare tactics your way.
I protect an access to important files on the site's server by placing an index.html file in the particular directory, that hides the files from public view.
You must create a new user with administrator rights before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create useful reference New User. Then enter all the information you will need to enter.
As I (our fictitious Joe the Hacker) understand, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts that all come with logins and passwords you need to remember.
I prefer using a WordPress plugin to get Get the facts the work done. Just make sure is in a position to do backups, has restore and can replicate. Be sure it is frequently updated to keep pace with all versions of WordPress. There's absolutely no use in not functioning, and backing up your data to a plugin that's out of date.