I've had two WordPress blogs. That was in a time when I was doing almost no internet marketing, and until I found time to handle the situation (weeks later), these sites were penalized in the major search engines. They weren't eliminated the ratings were reduced.
Finally, fix hacked wordpress will tell you that there is no htaccess from the wp-admin/ directory. You may put a.htaccess file if you desire, and you can use it to control access from IP address to the wp-admin directory or address range. Details of how to do that are available on the net.
After spending a few days and hitting a few spots around town, I eventually find a cafe which provides free, unsecured Wi-Fi and to my pleasure, there are tons of people sitting around each day connecting their laptops to the"free" Internet services. I use my handy dandy cracker tool that is Wi-Fi and sit down and log into people's computers. Bear in mind, they are all on a network.
Is to delete the default administrator account. This is here are the findings important because if you don't do it, malicious user already know a user name that they could try to crack.
Install the WordPress Firewall Plugin. This plugin investigates web requests with heuristics visit the website to identify and prevent obvious attacks.
There my latest blog post is. People know they also could drop by with your login form and where they can login and try out a different combination of passwords and user accounts. So as to stop this from happening you want to install Login Lockdown. It's a plugin that only lets users attempt and login with a wrong password three times. Following that the IP address will be banned from the server for a specific timeframe.