Allow me to shoot a scare tactics your way since scare tactics seem to be what drives some people to take secure your wordpress site a little more seriously, or at the very least start thinking about the problem.
The stronger approach, and the one I recommend, is to use one of the password generation and storage plugins available for your browser. Many people like RoboForm, check this site out but I think after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; you use one master password to log in.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. A hyperlink pop over to these guys is inside that part of code. You want to enter that link in your browser, copy the contents which you return, and replace the keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
You could also get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your blog. You can also keep history of communication and the all of the cookies so that all transactions are recorded. Make sure all your sites get SSL security for utmost protection from hackers.
Change your WordPress i thought about this admin and password username, or your password, often and collect and utilize other WordPress safety tips to keep hackers out!