Since scare tactics seem to be at least start thinking about the problem, or what compels some people to take fix wordpress malware attack a bit more seriously, let me shoot a scare tactics your way.
Essentially, it will all start with the basics. Attempt using complex passwords. Use spaces, numbers, special characters, and letters and combine them to make a special read the article password. You can also use usernames that are not obvious.
A snap to move - If, for some reason, you need to relocate your site, like a domain name change or a new hosting company, having your files at your fingertips can save you oodles of time, headache, and the demand for tech help.
Now we are getting into things. You have to rename it to config.php and modify the file config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Do check this site out your homework and some hunting, but if you're pressed for time and want to get this done once and for all, try great post to read out the WordPress safety plugin that I use. It is a relief to know that my website (and company!) are secure.