Ultimately, fix hacked wordpress site will inform you that there's not any htaccess inside the directory. You can put a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the internet.
There are many ways to pull off this, and many involve copying and FTPing files, exporting and re-establishing much more and databases. Some of them are very complicated, so it's important that you select the right one. If you're not of the technical persuasion, then you may want to check into using a plugin for WordPress backups.
Yes, you want to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" published here backup. More. Definitely more, if you make changes and regular additions to your website. If you make changes multiple times every day, or have a community of people that are in there Homepage all the time, a daily backup should be a minimum.
Another step to take to make WordPress secure is to upgrade WordPress. The reason behind this is that with every new upgrade there also come fixes for older security holes making it essential to upgrade.
Using a plugin for WordPress security makes sense. WordPress backups will need to be carried out on a regular basis. Do not become a victim of not being proactive why not check here about your site because!