You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
By default, the newest version of WordPress is pretty darn secure. The development team of WordPress has considered anything which may have been added to some secure your wordpress website plugins. Before, WordPress did have holes but now most of them are stuffed up.
You can search. If hackers abruptly hack your site, it is easy to restore your site by means of your backup files and change.
Exploit Scanner goes through the files on your website place, comment and database tables seeking anything suspicious. You are also notified by it for plugin names that are unusual. It does not remove anything, it simply go warns you for potential threats.
What if you visit WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file inside that folder as well so people can't see what plugins you might have. Someone can use this to get access because if your version of WordPress is up to date, if you are using a plugin or an old plugin using a security hole.
However, I recommend that you install the Login LockDown plugin instead of any.htaccess controls. From being permitted after three unsuccessful login attempts from a certain IP address for one hour, login requests will stop. You can get into your panel view publisher site whilst and yet you have protection against hackers if you do so.