how to fix hacked wordpress will also inform you that there's not any htaccess within the directory. You can place a.htaccess record into this directory if you want, and you can use it to handle this wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the net.
Backup plug-ins is also important. You need to backup database and all the files you can bring back your own site like nothing.
There's a section of config-sample.php that's headed"Authentication Unique Keys." There are. A hyperlink is within that section of code. You need to enter that link into your browser, copy the contents that you get back, and then replace the keys you have with the unique, pseudo-random keys offered by the website. This makes it harder for attackers to automatically create a"logged-in" cookie for your website.
Along with adding a secret key to your wp-config.php file, also consider changing your user password into something that's strong and unique. WordPress will tell you the strength of your password, but include numbers, use letters, and a great tip is to avoid phrases. It's also a good idea you can look here to change your password frequently - say once every six months.
Always bear in mind that the safety of your sites depend on how you manage them. Be certain that you follow these tips to avoid hacks and exploits on sites and your blogs.