Install the secure your wordpress website Firewall Plugin. Stop and this plugin investigates net requests with heuristics that are straightforward to identify attacks that are obvious.
Everything you have worked for will proceed with this should your website's server go down. You will make no sales, get signups or no visitors to your site, and in short, you are out of business check until you have the website.
Move your wp-config.php file up one directory from the WordPress root. WordPress will look for it if it cannot be found in the root directory. Also, nobody will be able to read the file unless they have FTP or SSH access to your server.
As I (our untrue Joe the Hacker) know, people have way too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, internet hosting, etc. accounts that all include logins and passwords you need to remember.
Do your homework and some searching, but if you are pressed for time and need to get this try out the WordPress security plugin that I use. It's a relief to know that my site (and company!) are secure.