The fix wordpress malware cleanup Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either through an FTP client or within the administrative page from your hosting company.
Safeguard your login credentials - Don't keep your login credentials where they might be found by a hacker. Store them offsite, as well as offline. Roboform is for protecting them good . Food for thought!
You need to create a new user, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all the information you need to enter.
Make a note of your password for the next time you sign in! I recommend the paid or free version of the software that is protected *Roboform* to remember your passwords.
I prefer to use a WordPress plugin to get the job done. Make sure that the plugin you select is in a like this position to do select copies, has restore and can clone. Be sure it is often updated to keep pace. There's absolutely not any use in backing your data up to a plugin that is out of date, and not working.