Last year and a half educated us that WordPress security should not be taken lightly by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact that it is an Open Source platform and everybody has access to its Source Code makes it a prey for hackers.
I back up my blogs frequently using a plugin WP DB Backup. I can restore my blog if anything happens. I use my blog to be scanned by WP Security Scan plugin that is free and WordPress Firewall to block requests that are suspicious-looking to fix hacked wordpress.
Safeguard your login credentials - Do not keep your login credentials where they might be found by a hacker. Store them offsite, as well as offline. Roboform is for protecting them good , too. Food for thought!
Keep your WordPress Installation up to date - One of the easiest and most valuable tasks you can do yourself is to make sure your WordPress installation is updated. WordPress provides a notice on your dashboard to you, so there's really no reason.
Can you see that folder what if you visit WP-Content/plugins? If so, upload this blank official website Index.html file inside that folder as well try these out so people can not see what plugins you might have. Someone can use that to get access because even if your version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole.
However, I advise that you set up the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being permitted from a for an hour or so after three failed login attempts. If you this accomplish that, it is still possible to access your mobile while and yet you still have protection against hackers.