Installing the fix wordpress malware plugin Scan plugin will check all this for you, and alert you that you may have missed. Additionally, it will tell you that a user named"admin" exists. That is the administrative user name. If you desire you can follow a link and find instructions for changing that name. I personally think that a my response strong password is protection that is good, and there have been no attacks on the blogs that I run because I followed these steps.
There are ways to pull this off, and a lot of them involve re-establishing databases and much more and FTPing files, exporting and copying. Some of them are very complicated, so it is imperative that you go for the right one. If you are not of the persuasion that is technical, then you might want to look into using a plugin for WordPress backups.
Harness Scanner goes in search of anything suspicious through the files on your website post, comment and database tables. It also informs you for plugin names that are unusual. It does not remove anything, it warns you for threats.
Install the WordPress Firewall Plugin. Prevent and this plugin investigates web requests to identify attacks.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed after three failed login attempts from a specific IP address for one hour. You may access your admin panel while away from your workplace, and yet you still have protection against hackers, if you do so.