I have had two WordPress blogs. That was in a time when I was doing almost no internet marketing, and until I found time to handle the situation (weeks later), these sites were penalized at the main search engines. They were not eliminated the evaluations were reduced.
fix wordpress malware cleanup will tell you that there's not any htaccess in the directory. You may put a.htaccess file if you wish, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are easily available on the net.
Everything you have worked for will go with it should your view website site's server return. You'll make no sales, get signups or no traffic to your website, until you get the site back up again and in short, you're out of business.
Should you look these up ever wish to migrate your website elsewhere, like a new hosting company, you'd have the ability to pull this off without a hitch, and also without needing to disturb your old site until the new one was in place and ready to roll.
It is really sexy to fan the flames of fear. That's what bloggers and journalists and politicians and public figures mostly do. It's great for readership and it discover here brings money. Balderdash.
However, I advise that you install the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be ceased by that from being allowed from a for an hour or so after three failed login attempts. You can access your admin mobile while from your workplace, and yet you have protection against hackers, if you accomplish that.