You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
Finally, installing the fix hacked wordpress database Scan plugin alert you that you might have missed, and will check all this for you. Additionally, it will tell you that a user named"admin" exists. Of course, that is the user name. If you wish, you can follow a link and find directions for changing that title. I believe that a strong password is enough protection that is good, and there have been no attacks on the blogs that I run since I followed these steps.
Don't make the mistake of believing that your hosting company will have your back so far as WordPress backups go. Not always. It's been my experience that the company may or might not be doing backups, while they say that they do. Why take that kind of chance?
I don't think there's a person out there that after learning how much of a problem WordPress hacking is that it's a good idea. However, something I've noticed through the years is that when it pop over to these guys comes to securing their sites, bloggers seem to be stuck in this state.
Can you see that folder, what if you go to WP-Content/plugins? If so, upload that blank Index.html file inside that folder as well so people can not view what plugins you have. Because if your version of WordPress is current, if you're using an old plugin or a plugin using a security hole, then someone can use this to get access.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. From being allowed after three failed login attempts from a certain IP address for an hour, login requests will stop. You can access your panel while and yet you have protection against hackers, if you do so.