how to fix hacked wordpress will even tell you that there's no htaccess in the directory. You may put a.htaccess file into this directory if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do that are easily available on the net.
The one I recommend, and the approach, is to use one of the creation and storage plugins available on your browser. I believe after a trial period, you have to pay for it, although many people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you.
You must create a new user, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all of the information you will need to enter.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it for free and this plugin is a fantastic option.
Bear in mind that the security of your blogs depend on how you manage them. Make sure that you follow these recommended you read basic strategies to avoid hacks and exploits on your blogs go to my site and websites.