how to fix hacked wordpress will also tell you that there's no htaccess from the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access to the wp-admin directory or address range. Details of how to do this are available on the internet.
The one I recommend, and the stronger approach, is to use one of the creation and storage plugins available for your browser. I think after a trial period, you have to pay for it, although people like RoboForm. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; you use one master password to log in.
Is to delete the default administrator account. This is critical because if you do not do it, a user name which they could attempt to crack is known by malicious user.
As I (our right here untrue Joe the Hacker) understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two site logins, FTP, web hosting, etc. accounts which all include logins and passwords you need to remember.
Implementing all the above will probably take less than an hour to finish, while creating your WordPress site considerably more immune to intrusions. Websites were cracked last year, largely due to preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.