Security of your WP site is more than that (admin user, database password), although that is a good start. I’d
- create admin-level user that is not named ‘admin’, with a strong password. You could even change the user id so that it’s not #2 (it’s easy enough to enumerate users by id).
- create a strong password for your database
- use a different prefix for your database
- create strong credentials for your hosting place
- create strong credentials for FTP users (and only use SFTP)
- remove features (plugins/themes) that you are not using
- keep everything updates: WP, themes, plugins, PHP
- use PHP version 7.x+
- regular backups – off-host
- htaccess security
- disable RPC
And that’s probably just the beginning. There are good resources on the WP site (and other reputable sites) for WP security – ask the googles/bings/ducks .