I back my blogs using a free plugin WP DB Backup up. I will always restore my website if anything happens. I use my site to be scanned by WP Security Scan plugin that is free regularly and requests that are suspicious-looking to be blocked by WordPress Firewall to fix wordpress malware attack.
Backup plug-ins is also significant. You want to backup all the files and database so in case of a sudden attack, you can bring your site back like nothing.
In case you ever wish to migrate your website elsewhere, like a new hosting company, you'd have the ability to pull this off without a hitch, and also without having to disturb your old site until the new one was in place and ready to roll.
What if you go to WP-Content/plugins, can you see that folder? If so, upload this blank Index.html reference file inside that folder as well so people can't see what plugins you might have. Because even if your version of WordPress is current, if you are using an old plugin or More Help a plugin using a security hole, someone can use that to get access.
However, I advise that you install the Login LockDown plugin rather than any.htaccess controls. Login requests will be ceased by that from being permitted from a for an hour or so after three failed login attempts. It is still possible to access your cell while and yet you still have good protection look at this site against hackers if you accomplish this.