fix wordpress malware will tell you that there's not any htaccess in the directory. You can put a.htaccess file if you desire, and you can use it to control access to the directory or address range. Details of how to do that are available on the net.
After spending a couple of days and hitting a few spots around town, I finally find a cafe that offers free, unsecured Wi-Fi and to my pleasure, there are a ton of folks sitting around daily connecting their laptops to the"free" Internet services. I sit down and use my handy dandy cracker tool and log into people's computers. Remember, they are all on a network that is shared.
1 step you can take is to delete the default administrator account. This is critical because if you don't do it, malicious user know a user name which they could attempt to crack.
It's really sexy to fan the flames of fear. That is what journalists and bloggers and politicians and public figures do. It's great for readership and it brings money to the war chests. Balderdash.
Just make sure you view website decide on a plugin that's current with release and the current version of WordPress, and which you can schedule, restore and replicate.