There's a portion of config-sample.php that's headed'Authentication Unique Keys.' Four explanations that appear within the block will be found by you. There is a hyperlink secure your wordpress website inside that section of code.You change the keys you have with the special keys given by the website, copy the contents that you return, and have to enter that link into your browser. This makes it harder for attackers to rapidly create a'logged-in' dessert for your website.
Also, don't make the mistake of thinking that your web host will have your back so far as WordPress backups go. Not always. It has been my experience that the company may or may not be doing backups while they say that they do. Take that kind of chance?
Before you can delete the default admin account, you must create a user with administrator rights. To do this go to your WordPress Dashboard and click on User -> Create New User. Then enter all of the information you will need to enter.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think this plugin is a fantastic option and you can use it.
You do not always consider needing security, when read this article your website is new but you do have to protect yourself and your investment. Having a site go down and not being able to restore it quickly may mean a loss of customers who find this won't remember to look for you can try this out your website again later and can not find you. Don't let that happen to you. Back up your site as soon as you get it started, as the website is operational, and schedule backups for as long. This way, you'll have peace and WordPress security of mind.