fix wordpress malware scanner will also inform you that there's no htaccess inside the directory. You can place a.htaccess record into this directory if you want, and you can use it to handle the wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the internet.
Do not depend on your Web host - Many people depend on their web host to"do all that technical stuff for me", not realizing that sometimes, they do not! Far better to have the responsibility lie rather than out.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it if it can't be found in the main directory. Also, nobody will be able to read the file unless they've FTP or SSH access to your server.
BACK UP your website regularly and keep a copy on your own computer and storage. Back up daily, For those who have a very active website. You spend a whole lot of webpage time and money on your website, don't skip this! Is BackupBuddy, no go now back up widgets your documents, plugins and database. Need to move your site to another host, this will do it in under a few minutes!
Don't use wp_ as a prefix for your own databases. Web hosting providers are eliminating that default but if yours doesn't, fix wp_ to anything but that.