Finally, fix wordpress malware plugin will also tell you that there's no htaccess from the wp-admin/ directory. You may put a.htaccess file if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do this are available on the net.
The one I recommend, and the approach, is to use one of the password generation and storage plugins available on your browser. I think after a free trial period, you need to pay for it, although RoboForm is liked by Lots of people. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate passwords for you.
Keeping your WordPress site up-to-date is one of the easiest things you can do. For the last few versions, the ability to set up updates has been included by WordPress. Not only that, but websites are notified whenever a new upgrade becomes available.
Can you see that folder Imagine if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't see what plugins you might have. Because even if your current version of WordPress is current, if you are using an old plugin or a plugin using a security hole, then someone can use that to get access.
But realize that online security is. Do not look here only be the reactive type, take action to start protecting yourself today. Do not let Joe the Hacker make your life miserable and turn all in creating come crashing down in a matter of moments, that link you've worked hard.