By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any fix hacked wordpress plugins. In the past , WordPress did have holes but most of them are stuffed up.
Truth is, if a master of this script targets your website, there is actually no way. Everything you are about to read below are a few actions you can take to minimize the risk to an acceptable degree. Odds are a hacker would prefer picking more easy victim, another if your WordPress site is well protected.
You first must create a new user, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Then enter all of the information you need to enter.
Imagine if you go to WP-Content/plugins, can you view that folder? If so, upload this blank Index.html file inside that folder as well so people can not view what plugins you have. Because even if your version of WordPress is current, if you're using an old plugin or go to this site a plugin with a security hole, then someone can use that to get access.
These are a few of the things I do to protect my blogs. Fantastic thing is they don't require much time to do. These are also solutions, which can be done.