Installing the fix hacked wordpress Scan plugin will check most of this for you, and alert you to anything that you may have missed. It will also inform you that a user named"admin" exists. Of course, that is your user name. You find directions for changing that title, if you desire and can follow a link. Personally, I believe that a password is good enough protection, and there have been no successful attacks on the sites that I run, because I followed these steps.
A simple way to maintain WordPress safe would be to use a few built-in tools. To begin with, do not allow people run a web host security scan, to list the files in your folders and automatically backup your entire web hosting account.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make changes and regular additions to your site, definitely. If you make changes multiple times every day, or have a community of people which are in there all the time, a daily backup should be a minimum.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a good option.
When your site is new, you do not always think about needing security but you do have to protect yourself and your investment. Having a site go down and not being able to click to read more restore it quickly may mean a big loss of customers who won't remember to search for your site later and can not find you. Do not informative post let that happen to you. Back your site up after you get it started, as the website is operational, and schedule backups for as long. That way, you will have WordPress security and peace of mind.