While the Moodle data directory stores files uploaded by students, and some larger files, the Moodle database stores most of the information for your Moodle site. By default, the installer uses the database name
moodle and the username
. Using these default settings gives any hacker a head start on breaking your site. When creating your database, change these to something less common. At least make the hackers guess the name of your database and the database username.
You should also choose a strong password for the Moodle database user. Here are some recommendations for strong passwords: