Finally, how to fix hacked wordpress will tell you that there's not any htaccess in the wp-admin/ directory. You can put a.htaccess file within this directory if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do this are available on the net.
Everything you have worked for will go with it should the server of your site go down. You will make no sales, get no traffic or signups to your website, and in short, you are out of business until you have the website back up again.
Move your wp-config.php file up one directory from the WordPress root. WordPress will search for it there if it cannot be found in the root directory. Also, nobody will have the ability to read the document unless they have SSH or FTP access.
Upgrade, if you're not running the latest version of WordPress. Leaving your site is similar to maintaining your door unlocked when you leave for vacation.
Implementing all of the above will probably take less than an hour to complete, while creating your WordPress site considerably more immune to intrusions. Sites were last year, largely due to preventable safety gaps. Have yourself prepared and Read Full Report you're Web Site likely to be on the safe side.