Install the how to fix hacked wordpress Firewall Plugin. This plugin investigates requests to identify and stop attacks that are obvious.
The stronger approach, and the one I recommend, is to use one of the creation and storage plugins available on your browser. I think after a free trial period, you need to pay for go to the website it, although RoboForm is liked by many people. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate passwords for you; you use one master password to log in.
In case you ever want to migrate your website elsewhere, such as a new hosting company, you'd be able to pull this off without a hitch, and also without needing to disturb your old site until the Continue new one was in place and ready to roll.
Now we're getting into matters. You must rename it to config.php and modify the document config-sample.php, when you install WordPress. You will need to deploy the database facts there.
Of course you can install more plugins to make your shop like share buttons or automated backup plugin. That's all. Your shop is now up and running!