You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
fix wordpress malware attack will tell you that there's no htaccess from the wp-admin/ directory. You may put a.htaccess file if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do this are easily available on the net.
No software system is resistant to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software up-to-date is a fantastic way once security holes are found because their products will be fixed by software vendors that are reliable.
You should also place the"Anyone Can Register" in Settings/General to away, and you ought to have some sort of spam plugin. Akismet is the old standby, the one I use, but there are try this web-site lots of them these days.
Pathological-looking phrases that were whitelists and black based on which area they appear inside. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Do your homework and some hunting, but if you're pressed for time and need to get this try the WordPress safety plugin that recommended you read I use. It is a relief to know that my website (and business!) are secure.