I have had two WordPress blogs hacked into in the past. That was at a time when I was doing very little internet marketing, and until I found time to address the situation (months later), these sites were penalised in the search engines. They were not removed, but the rankings were reduced.
Install the secure your wordpress website Firewall Plugin. This plugin investigates requests that are net to identify and stop most obvious attacks.
Don't make the mistake of believing that your web host will have your back so far as WordPress copies go. Not always. While they say they do, it has been my experience that the company may or might not be doing backups. Take that kind of chance?
It's a WordPress plugin. They're drop dead easy to set up, have all the features you need for a job such as this, and are relatively cheap, especially when compared to having to employ someone to get this done for you.
Now we are getting into matters specific to WordPress. You must rename it to config.php and modify the file config-sample.php, when you install WordPress. You will need to set up the database facts click to read more there.
However, I advise that you set up the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted from a specific IP address for one hour after three unsuccessful login attempts. If you do that, you may still access your admin panel while and yet you have protection against hackers.