A half and last year taught us that WordPress security shouldn't be dismissed by any means. Between 15% and 20% of the world's high traffic sites are powered by WordPress. The fact it is an Open Source platform and everyone has access to its Source Code makes it a prey for hackers.
Finally, how to fix hacked wordpress will tell you that there's no htaccess from the directory. You may put a.htaccess file into this directory if you wish, and you can use it to control access to the directory or address range. Details of how to do that are readily available on the net.
It's not unusual for sites to be hacked by a random person today. Actually, even domains get hacked. If you are not a programmer or a developer, there is no way that you will actually understand anything about programming languages or codes. This is the major reason why a number of the people who don't know anything wind up if there are some methods to safeguard their sites and investments thinking.
For me it's a WordPress plugin. They're drop dead easy to set up, have all the functions you need for a task such as this, and are relatively inexpensive, especially when compared to having to employ someone to get this done for you.
Now we're getting check that into matters specific to WordPress. Whenever you install WordPress, you need to edit the document config-sample.php and rename it to config.php. You want to install the database information there.
The plugin should be updated play nice to stay current with the latest WordPress release and have WordPress and restore capabilities. The ability to clone your website (in addition to regular backups) can be helpful if you ever need to do an offline site redesign, among other things.