I don't know about you, but when I secured my WordPress site, and I researched to find out what others do to keep their blog secure, I found so much information that I was completely confused. And some of the data was in fact on superstitious or the top. People told me rename this folder, to rename this file and set up these ten plugins. It seemed to be a bit of work and energy.
fix malware problem will tell you that there's not any htaccess in the wp-admin/ directory. You may put a.htaccess file if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do that are available on the net.
Is also important. You need to backup database and all the files you can bring your own blog back like nothing.
1 thing you this link can take is to delete the default administrator account. This is critical because if you don't do it, malicious user know a user name which they could try to crack.
You may extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. I think this plugin is a click to read more fantastic choice and you can use it at no cost.
Just make sure you choose a plugin that is up to date with the current version and release of WordPress, and that you may schedule, restore and clone.