By default, the latest version of WordPress is pretty darn secure. Anything which may have been added to any fix hacked wordpress database plugins has been considered by the development team of WordPress . Before, WordPress did have holes but now most of them are stuffed up.
Don't depend on your Web host - Many men and women depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie with you, instead of out of your control.
For me it's a WordPress plugin. They're drop dead simple to install, have all the features you need for a job such as this, and are relatively cheap, especially when compared to having to employ someone to site here get this done for you.
Now we are getting into matters specific to WordPress. You have to rename it to config.php and modify the document config-sample.php, when you install WordPress. You need to deploy the database facts there.
Don't use wp_ as a prefix for your own databases. That default YOURURL.com is being eliminated by web hosting providers but if yours doesn't, fix wp_ to anything but that.