Finally, clean hacked wordpress site will inform you that there's not any htaccess inside the directory. You may put a.htaccess record into this directory if you want, and you can use it to manage usage of this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the net.
Well, we're talking about WordPress but what's the feeling of doing updates and security checks if your computer is at risk of hackers. There are malicious files which can encrypt key loggers. No matter what you do, they can access everything that you type on your computer when this occurs. You can find a good deal of antivirus programs that are good . Look for a antivirus program or ask experts.
Yes, you need to do regular backups of your site. I recommend at least a weekly database backup and a monthly "full" backup. More, if possible. If you make additions and changes definitely. If you have a community of people that are in there all the time, or make changes multiple times every day, a backup should be a minimum.
What if you visit WP-Content/plugins, can you see that folder? If so, upload this blank Index.html file inside that folder as well so people can't view what plugins you might have. Because if your existing version of WordPress is up to date, if you're using an old plugin or a plugin using a security hole, someone can use this to get access.
Implementing all the above will probably take less than an hour to complete, while creating your WordPress website more resistant to intrusions. Over 1 million WordPress sites were cracked last click for more info year, mainly due to easily preventable security gaps. Have yourself prepared and you're likely to be on the safe side.