Ultimately, repair hacked wordpress site will also inform you that there is no htaccess inside the directory. You may place a.htaccess record in to this directory if you want, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the net.
Hackers do not have the capability once you got all these lined up for your own security to come to your WordPress blog. You definitely can have a WordPress account which provides big bucks from affiliate marketing to you.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. If you make additions and changes to your site, definitely. If you have a community of people click to investigate that are in there all the time, or make changes multiple times every day, a daily backup should be a minimum.
Another step to take to make WordPress secure is to upgrade WordPress. The main reason for this is that with each upgrade there also come fixes for security holes that are older which makes it essential to upgrade.
Just ensure which you can schedule, and you choose a plugin that's up to date with release and the version of WordPress, restore and replicate.