We've seen many cases where sites are hacked and people automatically start assuming the cause of the breach.

WHMCS has been extremely secure and would be one of the last areas we would look at for a successful security breach.

As stated previously, strong passwords are always highly recommended. At least 8 characters, combination of upper and lower case and use some special characters too.

Frequently we'll take a movie title and obfuscate it. Take Oceans 11. It could become a password like: $0C3@n$_eLEv3N#

This becomes a little bit easier to remember than something just totally random.

Also while renaming the admin folder falls under security through obscurity, it does offer an additional layer of protection from the automated tools used by so many cybercriminals. The more layers the better.