fix wordpress malware cleanup will also inform you that there is no htaccess inside the directory. You can place a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Protect your login credentials - Don't keep your login credentials where a hacker could find them. Store them off, read review and even offline. Roboform is for protecting them good , too. Food for thought!
Move your wp-config.php file one directory up from the WordPress root. WordPress will search for it there if it cannot be found in the root directory. Also, nobody else will have the ability to read the file unless they've SSH or FTP access.
It's really sexy to fan the flames of fear. That's what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money. Balderdash.
Do your homework and some hunting, but if you are pressed for time and want to get this try out the WordPress safety plugin that I use. It's a relief to know that my site (and company!) are secure.