fix wordpress malware attack will even tell you that there is not any htaccess from the wp-admin/ directory. You may put a.htaccess file if you desire, and you can use it to control access to the wp-admin directory or address range. Details of how to do that are readily available on the net.
Backup plug-ins is also important. You want to backup database and all the files so in the event of a sudden attack, you can bring back your blog like nothing happened.
1 thing you can take is to delete the default administrator account. This is important because if you don't do more information it, malicious user already know a user name which they could try to crack.
As I (our untrue Joe the Hacker) understand, people have far too many usernames and passwords to remember. You have got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all come with logins and passwords you need to remember.
But realize that online security is something you really need to start thinking about. Don't just be the go now type that is reactive, consider action to begin protecting yourself. Do not let Joe the Hacker make your life miserable and turn everything in creating read here come crashing down in a matter of moments, that you've worked so hard.