Finally, fix wordpress malware scanner will tell you that there is not any htaccess in the wp-admin/ directory. You may put a.htaccess file within this directory if you desire, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do that are readily available on the internet.
Protect your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them offsite, as well as offline. Roboform is for protecting them good , too. Food for thought!
Exclude pages - This plugin provides a checkbox,"include this page in menus", which can be checked by default. If you uncheck it, the page will not appear in any listings of webpages (which includes, and is ordinarily restricted to, your webpage navigation menus).
In addition to Look At This adding a secret key to your wp-config.php document, also think about changing your user password into something that's strong and unique. WordPress will tell you the strength of your password, but include amounts, use upper and lowercase letters, and a good tip is to avoid common phrases. It's also a good idea to change your password regularly - say once every six months.
Oh . And incidentally, I talked about plugins. When you get a plugin, make sure it's a safe one. Do not install any plugin simply because the owner is saying on his website that plugin can help you do that or this. Use get a software engineer to examine it carefully, or perhaps a test site to check the plugin. This way you'll know it is not a threat for you or your business.