Don’t use “wp_” as a table prefix.
Don’t use “admin” as any login name.
Use the salts built into the wp-config file (they give the URL to copy in your own).
If you do that + keep up to date and only use popular and up to date plugins you should be good.
If you have full control over the server and you’re not on a shared host I have more tips :)