You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
fix wordpress malware will also inform you that there is no htaccess inside the directory. You can place a.htaccess record into this directory if you want, and you can use it to manage usage of the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the internet.
There are ways to pull off this, and many involve copying and FTPing files, exporting and re-establishing more and databases. Some of them are very complex, so it is important that you go for the one that is right. Then you might want to check into using a plugin for WordPress backups, if you're not of the technical persuasion.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it can't be found in the root directory. Additionally, nobody else will be able to read the file unless they have basics SSH or FTP access to your server.
Can you view that folder Imagine if you visit WP-Content/plugins? If so, upload this blank Index.html file into that folder as well so people can't visit the website view what plugins you might have. Because even if your version of WordPress is up to date, if you're using a plugin or an site web old plugin with a security hole, someone can use that to get access.
Oh . And incidentally, I was talking about plugins. Make sure it's a secure one, when you get a plugin. Don't install any plugin just because the owner is saying on his site that plugin can help you do this or that. Use a test site to check the plugin, or maybe get a software engineer to analyze it. This way is not a threat for you or your organization.