how to fix hacked wordpress site will also tell you that there is no htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are easily available on the internet.
Strong passwords - Do your best to use a strong password, alpha-numeric. Easy to remember passwords are also easy to guess!
In case you ever wish to migrate your website elsewhere, such as a new hosting company, you'd be able to pull this off without a hitch, and also without having to disturb your old site until the new one was in place and ready to roll.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all include logins and passwords you will need to remember.
Do official statement your homework and some searching, but if you are pressed for time and need to get this try the WordPress security plugin that I use. It's a relief to know that my site (and business!) are secure.