I don't know about you, but when I was securing my WordPress site, and I had been researching to find out what others were doing to maintain their blog safe, I found information I was confused. And some of the information was actually on superstitious or the top. People told me rename this folder to rename this file and install these ten plugins. It appeared to be a lot of work and energy.
repair hacked wordpress site will also inform you that there is no htaccess inside the directory. You may put a.htaccess record in to this directory if you would like, and you can use it to manage usage of the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Don't make the mistake of thinking that your hosting company will have your back so far as WordPress backups go. Not always. While they say that they do, it's been my experience that the hosting company may or might not be doing proper backups. Why take that kind of chance?
Keep control of your assets - Nothing is worse than getting your livelihood in someone else's hands. Why take chances with something as important as your site?
Black and pathological-looking phrases that were whitelists based on which area they look Get the facts inside, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Don't use wp_. Web hosting providers are eliminating that default but if yours does not, fix wp_ to anything else but that.