Okay, you got me: WordPress security isn't the sexiest way to spend your time, but it could end up being one of the most profitable! Nothing is more caustic to the lining of your stomach than having your site go down, and wondering whether or not you've lost it all.
how to fix hacked wordpress will tell you that there's no htaccess from the wp-admin/ directory. You may put a.htaccess file within this directory if you wish, and you can use it to control access to the directory by IP address or address range. Details of how to do that are available on the net.
Do not depend on your internet host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimesthey don't! Far better to have the responsibility lie with you, instead of out of your control.
1 thing you can take is to delete the default administrator account. This is important because if you do not do it, malicious user know a user name which they could try to crack.
Black and whitelists pathological-looking view publisher site phrases based on which field they look within. (unknown/numeric parameters vs. known post additional hints bodies, comment bodies, etc.).
However, I advise that you install the Login LockDown plugin in place of any.htaccess controls. From being allowed after three unsuccessful login attempts from a certain IP address for one hour login requests will stop. You can get into your admin panel whilst and yet you have good protection against hackers, if you do that.