By default, the newest version of WordPress is pretty secure. Anything that might have been added to some fix hacked wordpress plugins has been considered by the development team of WordPress . In the past , WordPress did have holes but most of them are stuffed up.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, that hides the files from public view.
I don't think there is a person out there that after learning just link how much of a problem WordPress hacking is that it is a fantastic idea to enhance the safety of their blogs. But something I've noticed over the years is that when it comes to securing their blogs, bloggers seem to be stuck in this state that is reactive.
BACK UP your website regularly and keep a copy on your own computer and off-site storage. Back up daily if you have a site this link that is very active. You spend a lot of money and time on your site, don't skip this! The one complete solution that does it all is BackupBuddy, no back up your documents, widgets, database and plugins. Need to move your website this will do it!
However, I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being permitted from a specific IP-ADDRESS for an hour or so after three unsuccessful login attempts. You can still access your admin mobile while from your office, and yet you have protection against hackers, if you accomplish this.