By default, the latest version of WordPress is pretty darn secure. Anything which may have been added to any fix hacked wordpress database plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are filled up.
Do not depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie with you, instead of out of your control.
There is a section of config-sample.php that's headed"Authentication look here Unique Keys." There are four definitions which appear within the block. A hyperlink is within that section of code. You need to enter that link in your browser, copy the contents that you get back, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically imp source generate a"logged-in" cookie for your website.
Can you view that folder, what if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can't see what plugins you might have. Someone can use that to get access because even if your version of WordPress is current, if you're using a plugin or an old plugin using a security hole.
Do not use wp_. Web hosting providers are currently removing that default but if yours doesn't, fix wp_ to reference anything else but that.