Allow me to shoot a couple of scare tactics your way since scare tactics appear to be what compels some people to take secure your wordpress website a little more seriously, or at the very least start considering the problem.
The approach, and the one I recommend, is to use one of the password creation and storage plugins available for your browser. I think after a free trial period, you need to pay for it, although Lots of people like RoboForm. I use the free read here version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
In case you ever wish to migrate your website elsewhere, like a new web host, you'd have the ability to pull this off without a hitch, and also without having to disturb your old site until the new one was in place and ready to roll.
It's time to sign up for a Facebook account and use identity to pose as your buddy and this individual's name. Once I get it all set up, I'll be telling you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
Those are. Set a blank Index.html file in your folders, run your web host security scan and backup your entire account.