By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to any fix malware problems free plugins. In the past , WordPress did have holes but now most of additional resources them are filled up.
Truth is, if your website is targeted by a master of the script, there is no way to prevent an intrusion. Everything you are about to read below are some measures you can take to minimize the threat. Odds are a hacker would prefer choosing more easy victim, another if your WordPress site is protected.
Before you can delete the default admin account, you must create a user. To do this go to your WordPress Dashboard and click on User -> Create New look these up User. Enter all of the information you need to enter.
What if you visit WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file inside that folder as well so people can't view what plugins you might have. Someone can use that to get access because if your existing version of WordPress is current, if you're using a plugin or image source an old plugin using a security hole.
Implementing all of the above will probably take less than an hour to complete, while creating your WordPress website more immune to intrusions. Sites were last year, largely due to easily preventable security gaps. Have yourself prepared and you're likely to be on the safe side.