Finally, fix wordpress malware removal will also inform you that there is not any htaccess inside the directory. You can place a.htaccess record in to this directory if you want, and you can use it to manage usage of the wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the net.
The one I recommend, and the more powerful approach, is to use one of the creation and storage plugins available for your browser. Lots of people like RoboForm, but I think after a trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Firefox or Internet Explorer. That will generate secure passwords for you.
Harness Scanner goes through the files on your website database, comment and post tables. You are also notified by it for odd plugin names. It doesn't remove anything, it simply warns you for threats.
Whitelists pathological-looking phrases and black based on which area they appear inside, in a page request. (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Always bear in mind that the security of your sites depend on how you handle them. Make certain that you follow these more simple strategies to avoid exploits and hacks on websites and your blogs.