I've had two WordPress blogs hacked into previously. That was in a time when I was doing virtually no online marketing, and until I found time to handle the situation (weeks later), these sites were penalized at the main search engines. They weren't eliminated the ratings were reduced.
Finally, fix wordpress malware will tell you that there is no htaccess in the directory. You can put a.htaccess file if you wish, and you can use it to control access by IP address to the wp-admin directory or address range. Details of how to do this are easily available on the net.
Strong passwords - Do your best to use a these details password, alpha-numeric. Easy to remember passwords are easy to guess!
It represents a task that is essential while it's an odd term : creating a WordPress copy of your website to work on offline, or in case something should go amiss. We are not only being obsessive-compulsive here: servers go down every day, despite their promises of 99.9% uptime, and if you've had this happen to you, you understand the fear is it can cause.
Install the WordPress Firewall Plugin. This plugin investigates web requests with heuristics to identify and prevent most obvious attacks.
However, I advise that you install the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be stopped by that from being allowed from a for an hour or so after three failed login attempts. If you accomplish that, you can still access your mobile while and yet you have protection against hackers.