While the Moodle data directory stores files uploaded by students and some larger files, the Moodle database stores most of the information in your Moodle site. By default, the installer uses the moodle database name and the moodleuser username. Using these default settings gives any hacker a head start on breaking into your site. When creating your database, change these to something less common. At least make the hackers guess the name of your database and the database username.
You should also choose a strong password for the Moodle database user. The following are some recommendations for strong passwords:
- Include at least one number, one symbol, one uppercase letter, and one lowercase letter
- Make the password at least 12 characters long
- Avoid repetition, dictionary words, letter or number...