A half and year educated us that WordPress security should not be dismissed by any means. Between 15% and 20% of the planet's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
Installing the fix hacked wordpress database Scan plugin will check all this for you, and alert you that you might have missed. It will also tell you that a user named"admin" exists. That is the administrative user name. If you wish, you can follow a link and find directions for changing that name. Personally, I think that a password is protection that is good, and there have been no attacks on the sites that I run, since I followed these steps.
Safeguard your login credentials - Do not keep your login credentials where a hacker might locate them. Store them offsite, as well as offline. Roboform is for protecting them good , read the article too. Food for thought!
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it if it cannot be found in the root directory. Also, nobody else will be able to read the document unless they've FTP why not look here or SSH access.
Now we are getting into things specific to WordPress. You have to rename it to config.php and modify the document config-sample.php, when you install WordPress. You will need to set up the database facts additional hints there.
But realize that online security is. Do not only be the reactive type, take steps to start today, protecting yourself. Don't let Joe the Hacker make your life miserable and turn all that you've worked so hard.