You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
By default, the newest version of WordPress is pretty secure. The development team of WordPress has considered anything that might have been added to some fix malware problems free plugins. Before, WordPress did have holes but now most of them are filled up.
It all will start with the basics. Try using complex passwords. Use spaces, numbers, special characters, and letters and combine them to make a password that is unique. You can use usernames that are not obvious.
Maintain control of your online assets - Nothing is worse than having your livelihood in the hands of somebody else. Why take chances with something as important as your website?
Can you see that folder, Imagine if you visit WP-Content/plugins? If so, upload that blank Index.html file into that folder as well so people can't see what plugins you might have. Because if your version of WordPress is up to date, if you are using an old plugin or a plugin using a security hole, then someone can he has a good point use this to get access.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted after three failed login attempts from a specific IP address for one hour. You can still get into your admin panel while away from your workplace, and yet you still have protection against hackers, if you do that.