By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything that might have been added to any fix wordpress malware plugin plugins. Before, WordPress did have holes but now most of them are filled up.
The stronger approach, and the one I recommend, is to use one of the generation and storage plugins available for your browser. People like RoboForm, but I think after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those of you who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
It represents a task that is essential while it's an odd click this link term : making a WordPress backup of your site to work on offline, or in case something should go amiss. We're not only being obsessive-compulsive here: servers go down every day, despite their claims of 99.9% uptime, and if you've had this happen to you, you know the fear is it can cause.
Now we are getting into things specific to WordPress. You have to rename it to config.php and modify the file config-sample.php, when you install WordPress. You need to set up the database facts there.
However, I advise that you install the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being allowed from a for an hour or so after three unsuccessful login his explanation attempts. You can access your admin cell while and yet you still have good protection against hackers, if you accomplish this.