I don't know about you, but I researched to see what others were doing to maintain their blog secure, and when I secured my WordPress site, I found so much information that I was completely confused. And some of the information was in fact on the top or superstitious. People told me to rename this file, rename this folder and set up these ten plugins. It seemed to be quite a bit of effort and work.
Finally, fix wordpress malware scanner will also inform you that there's not any htaccess within the directory. You may put a.htaccess record into this directory if you would like, and you can use it to manage usage of this wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the net.
This is great news because it means that there is a strong community of users and developers that can further improve the platform. However there's a significant group there'll always be people who will attempt go to this site to take down them.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it if it cannot be found in the main directory. Additionally, nobody else will have the ability to read the document unless they have FTP or SSH access.
Now we're getting into matters specific to WordPress. Whenever you install WordPress, you have to edit the document config-sample.php and rename it to config.php. You need to set up the database details there.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being allowed after three failed login this link attempts from a certain IP address for an hour. You may still get into your admin panel whilst away from your office, and hop over to here yet you have great protection against hackers, if you do that.