Finally, fix wordpress malware fix will even tell you that there's no htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are easily available on the internet.
You can search. It is easy to restore your site with the use of your backup files and change, if hackers YOURURL.com abruptly hack your site.
Is to delete the default administrator account. This is important because if you don't do it, a user name which they could try to crack is known by malicious user.
Now it's time to register for a Facebook account and use identity to pose as your buddy and this individual's name. Once I get it all set up, I'll be emailing you posing as your friend and asking you to be friends with me on Facebook (or Twitter, or whichever societal site).
Implementing all the above will take less than an hour to complete, while making your WordPress website more immune additional reading to intrusions. Over 1 million WordPress sites were cracked this past year, largely due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.