Finally, fix wordpress malware will also tell you that there is no htaccess in the directory. You may put a.htaccess file within this directory if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are readily available on the internet.
Is also important. You need to backup database and all the files you can easily bring back your site like nothing happened.
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it if it cannot be found in the main directory. Also, nobody else will have the ability to read the file unless they've FTP or SSH access.
Make a note of your new password! I recommend the free or paid version of the secure software *Roboform* to remember your passwords.
Don't use wp_ as a prefix for your own databases. Most web hosting providers are currently removing that default but if yours does not, fix wp_ straight from the source to anything else but that.