Since scare tactics appear to be at the very least start thinking about the issue, or what drives some people to take how to fix hacked wordpress a little more seriously, let me shoot a scare tactics your way.
I protect an access to important files on the site's server by putting an index.html file in the particular directory, which hides the files from public view.
Keeping your WordPress website up-to-date is one of the most easy things you can do. For the last few versions, the ability to install updates has been included by WordPress. Not only that, but websites are notified whenever a new upgrade becomes available.
Along with adding a secret key to your wp-config.php file, also consider altering your user password into something that's strong and unique. A good tip is to avoid common phrases, use upper and lowercase letters, and include numbers, although you will be told the strength of your password by wordPress. It's also a good idea to change your password regularly - say once every six months.
However, I recommend that you set up the Login LockDown plugin rather than any.htaccess controls. Login requests will be stopped by that from being permitted from a for an check this hour or so after three failed login attempts. If you accomplish that, you can access your cell while from your office, her response and yet you have good protection against hackers.