how to fix hacked wordpress will inform you that there's no htaccess inside the directory. You can put a.htaccess record in to this directory if you want, and you can use it to manage usage of the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Safeguard your login credentials - Do not keep your login credentials where a hacker might find them. Store them off, as well as offline. Roboform is very good for protecting them, also. Food for thought!
Is to delete the default administrator account. This is critical because if you pop over to this web-site don't do it, malicious user know a user name that they could try to crack.
Security plug-ins that were all-Rounder can be thought of as a security checker that was full. They scan and check the site and give you information about the weaknesses of the site.
Do your homework and some hunting, read this post here but if you're pressed for time and want to get this done once and for all, try out the WordPress security plugin that I use. It is a relief to know that my site (and business!) are secure.