fix wordpress malware removal will inform you that there is not any htaccess inside the directory. You can put a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the net.
Hackers do not have the power when you got all these lined up for your own security to come to a WordPress blog. You definitely can have a secure WordPress account that gives big bucks from affiliate marketing to you.
It's a WordPress plugin. They're drop dead easy to install, have all the features you need for a task like this, and are relatively cheap, especially when compared to having to hire someone to have this done for you.
Now we are getting into matters specific to WordPress. You have to rename it to config.php and alter the file config-sample.php, when you install WordPress. You will need to set up the database facts there.
However, I advise that you set up the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being permitted from a for an hour or so after three unsuccessful login attempts. It is still possible to access your additional resources mobile while and yet you still have protection against hackers, if you accomplish that.