fix wordpress malware scanner will also inform you that there's no htaccess inside the directory. You may put a.htaccess record into this directory if you would like, and you can use it to handle this wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the internet.
This is fantastic news as it means that there's a community of developers and users who could further improve the platform. However there's a big group of people trying to achieve something, there'll always be people who will attempt to take down them.
This is quite over at this website useful plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of attempts is reached.
Note that this last step for new installations should try. You need to change all the table names within the database if you might like to get it done for installations.
However, I check this recommend that you set up the Login LockDown plugin rather than any.htaccess controls. That will stops login requests from being permitted from a for an hour or so after three failed login attempts. If you accomplish this, you can access your admin cell while and yet you still have protection against hackers.