It is easy to setup and run your WordPress Site but difficult to protect from hackers and spam. That’s why I choose to adopt the free WordPress.com which helps me to focus on contents.
When I setup WordPress for my customers, I will secure wp-config.php and limit the database account to current WordPress database only. It prevent access to the WordPress configuration file which contains the database account and password in non-encrypted format. Even if they get the file, the database user account is limited to access the WordPress database.