I have had two WordPress blogs. That was in a time when I was doing virtually no online marketing, and until I found time to handle the situation (weeks later), these sites were penalized at the main search engines. They were not eliminated the evaluations were reduced.
Finally, rename your login url to secure your wordpress website will also inform you that there's no htaccess within the directory. You may put a.htaccess record into this directory if you want, and you can use it to handle this wp-admin directory by Ip Address address or address range. Details of how you can do this are plentiful around the net.
Don't depend on your internet host - Many people rely on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie rather than out of your control.
Is to delete the default administrator account. This is important because if you do not do it, a user name which they could try to crack is already known by malicious user.
You can extend the plugin features with premium plugins like: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it and this plugin is a fantastic option.
There is another problem you have with WordPress. People always know where they can login and they also could drop by with your login form and try a different combination of user accounts look at this website and passwords outside. So as to prevent this from happening you want to install Login Lockdown. It is a plugin that allows users to try to login with a wrong password three times. After that the check my source IP address will be banned from top article the server for a specific timeframe.