changing connection strings password, etc. to prevent unauthorized access

I gave my WP and Godaddy passwords to someone who did some work on my WP sites. Now I wish to change my passwords so again only I have access to my hosting account, sites, AND WP SITES. I changed my Godaddy account and email passwords, and the FTP password, as Godaddy directed. Even though Godaddy does not give support for WP, their representatives gave me conflicting advice on how to prevent unauthorized access to my WP sites by the person who had previous access.
1. Changing my password (as the admin) to my WP site (I figure in the dashboard under users) is not enough. I would need to hire a web developer to go in and change the connection strings and database (passwords?)?
2. Changing my password (as the admin) to my WP site would automatically update/change both the passwords for the database and the connection strings, because “they share the same password.” I don’t know much about any of this, or which ones “they” are.

Which, if any, of the two ideas above are correct? I have changed my passwords (as admin) to my WP sites. Is there any more I need to do?

(PS. Godaddy did help me set up login and password for any future FTP user who may work on my website. Never knew of such a thing. I suppose that just gives someone else access to my Godaddy FTP client, and I control that person’s user name and password.)