fix wordpress malware will also tell you that there is no htaccess in the directory. You can put a.htaccess file if you wish, and you can use it to control access to the wp-admin directory by IP address or address range. Details of how to do that are available on the net.
The approach, and the one I recommend, is to use one of the creation and storage plugins available for your browser. RoboForm is liked by many people, but I believe after a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Internet Explorer or Firefox. That will generate passwords for you.
First in line is currently creating a password to your account. Passwords must be made with characters and numbers. You can combine them and make plus shifted letters. Smarter passwords can be your gateway to zero hackers. Make passwords that are difficult that only you can think of.
Now we are getting into things specific to WordPress. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to install the database details there.
I prefer to use a WordPress plugin to get the job done. Make sure that the plugin you choose is able to do backups, has restore performance, have a peek at this website and can clone. Also be sure that it is frequently updated to keep pace with all versions of WordPress. There is not any use in not working, and backing your data up to a plugin that's out of date.