By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some fix wordpress malware protection plugins. Before, WordPress did have holes but most of them are filled up.
There are ways to pull this off, and many involve copying and FTPing files, exporting and re-establishing more and databases. Some of these are very complex, so it is important that you select the one that is right. Then you might want to look into using a plugin for WordPress backups, if you're not of the technical persuasion.
First in line is creating a password to your account. Passwords must be made with characters and numbers. You can combine them and make plus altered letters. Smarter passwords can be your gateway to zero hackers. Make passwords that only you can think of.
Now we're getting into things. You must rename it to config.php and find out here now alter the document config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Do not use wp_ as a prefix for your databases. That default is being eliminated by web hosting providers but if yours doesn't, fix wp_ to anything else but that.