Ultimately, fix wordpress malware scanner will inform you that there is no htaccess inside the directory. You can put a.htaccess record into this directory if you want, and you can use it to handle the wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the internet.
No software system is resistant to vulnerabilities and bugs. Security holes will be discovered and guys will do their best to exploit them. Keeping your software up-to-date is a good way once security holes are found, because their products will be fixed by reliable software vendors.
There's a section of config-sample.php that is headed"Authentication Unique Keys." There are. There's a hyperlink inside that part of code. You need to enter that link in your browser, copy the contents that you return, and then replace look here the This Site keys you have with the unique, pseudo-random keys provided by the website. This makes it harder for attackers to automatically generate a"logged-in" cookie for your website.
Another step to take to make WordPress more secure is to upgrade WordPress. The main reason for this is that with each new upgrade there useful source come fixes for older security holes making it essential to update.
However, I advise that you install the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be stopped by that from being permitted from a for an hour or so after three unsuccessful login attempts. If you accomplish this, it is still possible to access your admin cell while and yet you have great protection against hackers.