Finally, secure your wordpress site will also tell you that there is no htaccess from the directory. You can put a.htaccess file if you desire, and you can use it to control access by IP address to the directory or address range. Details of how to do that are readily available on the internet.
No software system is immune to bugs and vulnerabilities. Security holes will be discovered and bad guys will do their best to exploit them. Keeping your software next page up-to-date is a fantastic way once security holes are found because their products will be fixed by software sellers that are reliable.
It's a WordPress plugin. They are drop dead simple to install, have all the functions you need for a job such as this, and are relatively cheap, especially when compared to having to hire someone to have this done for you.
You can also make a firewall go to this website that blocks hackers. From coming to your own files, the hacker is prevented by the firewall. You also have to have updated version of Apache. Upgrade your PHP as well. It is essential that your system is filled with upgrades.
Do your homework and some hunting, but if you're pressed for time and need to get this done once and for all, try the WordPress security plugin that I use. official statement It's a relief to know that my site (and company!) are secure.