Last year and a half taught us that WordPress security should not be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
By default, the latest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any fix hacked wordpress site plugins. Before, WordPress did have holes but most of them are filled up.
Do not depend on your Web host see post - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie rather than out.
You first must create a new user, before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create informative post New User. Then enter all of the information you will need to enter.
You may extend the view it plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think you can use it and this plugin is a good option.
But realize that online security is something that you really need to start thinking about. Do not only be the type that is reactive, take action to start protecting yourself. Don't let Joe the Hacker make your life miserable and turn all that you've worked so hard in creating come crashing down in a matter of seconds.