Finally, fix wordpress malware cleanup will inform you that there's no htaccess inside the directory. You can place a.htaccess record in to this directory if you want, and you can use it to handle this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the net.
If you're one of the proactive ones, I might find it somewhat more difficult to crack your password. But if you're among those ones that are reactive, I might get you.
Maintain control of your online assets - Nothing is worse useful source than getting your livelihood in the hands of someone else. Why take chances with something as important as your site?
Now we're getting into things. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to set up the database facts there.
When your site is new, you don't always consider needing security but you do need to protect your investment and yourself. Having a site go down official website and not having the ability to restore it quickly can mean a major loss of customers who can not find you and probably won't remember to look for your site again later. Don't let this happen to you. Back up your site after you get it started, as the site is operational, and schedule backups for as long. That way, you will have peace and WordPress security of mind.