As of today, WordPress is currently powering 48 of the blogs online. Apart from this, WP is powering 19% of the web as a whole. It means that a lot of people really trust WordPress when they want creation of websites and blogs.
The rename your login url to secure your wordpress website Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed via an FTP client or within the administrative page from the web host.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
Keep your WordPress Installation up to date - One of the easiest and most valuable tasks you can do yourself is to ensure that your WordPress installation is upgraded. WordPress gives a notice in your dashboard to you, so there's really no reason.
Can you see that folder what if you visit WP-Content/plugins? try this If so, upload this blank Index.html file inside that folder as well so people can't see what plugins you have. Someone can use this to get access because even if your current version of WordPress is current, if you are using a plugin or an old plugin with a security hole.
However, I advise that you set up the Login LockDown plugin in place of any.htaccess controls. From being permitted after three failed login attempts from a specific IP address for one hour, login requests will stop. If you do so, you can get into your admin panel while away from your workplace, and yet you still have great protection against hackers.