It was Monday morning and I was on a call with a dozen others who are my peers. Each of us helps the small business owner with their businesses in one way or the other. It was at the end of the call and we were each sharing our websites and going over how to make little improvements here and there. Time was running out and there was just enough time for one more website review, I volunteered. As my site was coming up for all to see suddenly the screen turned a maroon red with an outline of a security officer with his hand stretched out and the words of"don't precede malware danger." There was more but I was too horrified to remember exactly what it said. I was concerned about my website on being destroyed plus humiliated the people on the call visit the site had seen me so vulnerable that I had spent hours.
Finally, fix hacked wordpress site will even tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file if you desire, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are readily available on the internet.
A simple way would be to use a few tools that are built-in. To begin with, do not allow people run a web host security scan to list the files in your folders and automatically backup your whole web hosting account.
I don't think there is a person out there that after learning just how much of a problem WordPress hacking is that it is a fantastic idea to boost the safety of their blogs. However is that when it comes to securing their blogs, bloggers seem to be stuck in this reactive state.
It's really sexy to fan the flames of fear. That is what bloggers and journalists and politicians and public figures mostly do. It's terrific for readership and it brings money. Balderdash.
Do not use wp_. Web hosting providers are currently removing that default but if yours doesn't, fix wp_ to anything else but that.