Since scare tactics appear to be what drives some people to take rename your login url to secure your wordpress website a bit more seriously, or at the very least start considering the problem, let me shoot a scare tactics your way.
The one I recommend, and the approach, is to use one of the password creation and storage plugins available for your browser. RoboForm is liked by people, but I think after a trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate passwords for you; you use one master password to log in.
Keeping your WordPress site up-to-date is one of the simplest things More hints you can do. For the last few versions, WordPress has included the ability to set up updates. Not only that, but websites are notified whenever a new upgrade becomes available.
Now we're getting into things. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You will need to set up the database facts there.
However, I advise that you install the Login LockDown plugin in place of any.htaccess controls. From being permitted after three failed login attempts from a specific IP address for an hour, login requests will stop. If you do that, you may get into your panel whilst away from your workplace, and yet you have good protection against hackers.