These two settings inside the index.php file should be changed to random strings. The folder names should also be changed to match as well.

/*
*---------------------------------------------------------------
* SYSTEM FOLDER NAME
*---------------------------------------------------------------
*
* This variable must contain the name of your "system" folder.
* Include the path if the folder is not in the same  directory
* as this file.
*
*/
$system_path = 'system';

/*
*---------------------------------------------------------------
* APPLICATION FOLDER NAME
*---------------------------------------------------------------
*
* If you want this front controller to use a different "application"
* folder then the default one you can set its name here. The folder
* can also be renamed or relocated anywhere on your server.  If
* you do, use a full server path. For more info please see the user guide:
* <a href="http://codeigniter.com/user_guide/general/managing_apps.html">http://codeigniter.com/user_guide/general/managing_apps.html</a>
*
* NO TRAILING SLASH!
*
*/
$application_folder = 'application';

You may be wondering to yourself: “why does it matter?”. It matters when you DO NOT want your application fingerprinted as a codeigniter application by a hacker. One of the first things some of these guys (or gals) do is run a directory fuzzer on your server. That fuzzer makes requests to your server through a list of common directory names. Believe me, the two terms ‘application’ and ‘system’ is early on in that list, I tried it.

Give a hacker as little information about the internals of your program as possible and make it a bit more secure.