fix malware problems free will tell you that there is not any htaccess from the directory. You can put a.htaccess file within this directory if you desire, and you can use it to control access to the wp-admin directory or address range. Details of how to do that are available on the internet.
Strong passwords - Do what you can to use a password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it can't be found in the root directory. Also, nobody else will look at these guys be able to read the file unless they have SSH or FTP access to your server.
As I (our fictitious Joe the Hacker) know, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting, etc. accounts that all come with logins and passwords you will need to remember.
These are only a few of the things I do to secure my blogs. Thing is they don't require much time to do. These are simple solutions, which can be carried out easily.