By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to any rename your login url to secure your wordpress website plugins. Before, WordPress did have holes but now most of them are stuffed up.
Backup plug-ins is also significant. You need to backup database and all the files you can easily bring your site back like nothing happened.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it there if it can't be found in the root directory. Additionally, nobody will be able to read the document unless you can try this out they've SSH or FTP access to your server.
Make a note of your new password! I recommend the version of the software that is secure *Roboform* to remember your passwords.
You don't always think about needing security, when your site is new but you do look at these guys need to protect yourself and your investment. Having a site go down and not being able to restore it quickly may mean a loss of customers who probably won't remember to look for your site again later and can not find you. Don't let this happen to you. Back up your site after you get it started, as the site is operational and schedule backups for as long. This way, you'll have WordPress security and peace of mind.