Finally, clean hacked wordpress site will tell you that there is no htaccess in the wp-admin/ directory. You may put a.htaccess file into this directory if you desire, and you can use it to control access to the directory or address range. Details of how to do that are available on the internet.
There are numerous ways to pull off this, and many involve copying and FTPing files, exporting and re-establishing databases and more. Some of them are very complex, so it is imperative that you select the best one. Then you may want to check into using a plugin for WordPress backups if you're not of the technical persuasion.
Keep your WordPress Installation up to date - One of the simplest and most valuable tasks you can do yourself is to make sure your WordPress installation is view website upgraded. WordPress provides a notice on your dashboard to you, so her response there's really no reason.
You could get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your site. You may even keep history of communication and the all of the cookies so that all transactions are recorded. Be certain all your blogs get SSL security for protection from hackers.
However, I advise that you set up the Login LockDown plugin as opposed to any.htaccess controls. Login requests will be stopped by that from being allowed from a for an hour or so after three unsuccessful login attempts. If you accomplish that, it is still possible to access your admin mobile while from your office, and yet you still have protection against hackers.