There are millions of blogs all over the world wide web. Some people are making money and some do not. Many of the bloggers use WordPress at the moment. You need to make certain that your blog is protected.
Finally, clean hacked wordpress site will tell you that there's not any htaccess from the directory. You may put a.htaccess file within this directory if you desire, and you can use it to control access to the directory or address range. Details of how to do this are easily available on the internet.
Strong passwords - Do what you can to use a password, alpha-numeric. Easy to remember passwords are also easy to guess!
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it if it can't be found in the root directory. Also, nobody will be able to read the file unless they've FTP or SSH access to your server.
Install the WordPress Firewall Plugin. This plugin investigates web requests with WordPress-specific heuristics that are simple to identify and stop attacks.
However, I advise that you install the Login LockDown plugin instead of any.htaccess controls. Login requests will go to this website stop from being permitted after three failed login attempts from a specific IP address for one hour. You may still access your admin panel while away from your workplace, and yet you have good protection against hackers, if you do that.