In my opinion, the best way to ensure your fix wordpress malware attack that is is via using a WordPress backup plugin. This is a fairly inexpensive, easy and elegant to use way to make sure that your website is accessible to you in case of a disaster.
The approach, and the one I recommend, is to use one of the password creation and storage plugins available for your browser. I believe after a free trial period, you need to pay for it, although RoboForm is liked by many people. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
You need to create a user with administrator rights before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all the information you need to enter.
Make a note of your password! I suggest the paid or free version of the software that is secure *Roboform* to remember your passwords.
Using a plugin for WordPress security makes sense. Backups will need to be performed on a regular basis. Don't become a victim of not website link being proactive about your 16, as a result!