how to fix hacked wordpress site will tell you that there's no htaccess from the wp-admin/ directory. You may put a.htaccess file within this directory if you wish, and you can use it to control access to the wp-admin directory from IP address or address range. Details of how to do this are easily available on the net.
Backup plug-ins is also important. You want to backup all the database and files so in the event of a sudden attack, you can bring your site back like nothing.
A snap to move - If, for some reason, you want to relocate your site, such as a domain name change or a useful reference new hosting company, having your files at your fingertips can save you oodles of time, headache, and the need for tech help.
Note that you should try this last step for setups. You have to change the table names within the database, if you might like to get it done for installations.
However, I recommend that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted after three unsuccessful browse around this site login attempts from a certain IP address for an hour. You may get into your panel whilst and yet you have great protection against hackers, if you do that.