fix wordpress malware removal will tell you that there's no htaccess from the directory. You may put a.htaccess file if you wish, and you can use it to control access to the directory by IP address or address range. Details of how to do this are readily available on the internet.
After spending a couple of days and hitting a few spots around town, I finally find a cafe that offers free, unsecured Wi-Fi and to my pleasure, there are a ton of folks sitting around each day connecting their laptops to the"free" Internet services. I sit down and use my handy dandy cracker tool and log into people's computers. Bear in mind, they are all on a network that is shared.
Exploit Scanner goes in search of anything suspicious through the files on your site post, comment and database tables. You are also notified by it for plugin names that are odd. It does not remove anything, it simply warns you.
As I (our untrue Joe the Hacker) know, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, internet hosting, etc. accounts which all include logins and passwords you will need to remember.
You do think about needing security Whenever your site is new but you do our website have to protect your investment and yourself. Having a site go down and not being able to restore it can mean a loss of customers who can not find you and probably won't remember to look for your website later. Do not let that happen to you. Back up your site as soon as you get it started, and schedule frequent backups for as long as the website is operational. This way, you'll have peace and WordPress security of mind.