Year and a half taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic websites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Finally, fix wordpress malware will tell you that there is not any htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access to the directory from IP address or address range. Details of how to do company website that are available on the net.
There are ways to pull this off, and many involve copying and FTPing files, exporting and re-establishing more and databases. Some of these are very complex, so it is important that you select the best one. Then you may want to check into using a plugin for WordPress backups if you're not of the persuasion that is technical.
Maintain control of your online assets - Nothing is worse than getting your livelihood in the hands of somebody else. Why take chances with something as important as your website?
Now we're getting into matters. You have to rename it to config.php and alter the document config-sample.php, when you install WordPress. You need to set up the database facts there.
Those are. Set a blank Index.html file in your folders, run your web host security scan and backup your whole account.