WordPress is a secure system but software has their own flaws and security holes are often located on WP. This is the reason why WP often releases new updates . They instantly make some changes and supply a new update once they found any vulnerability . First you have to comprehend the regions where these plug-ins work to assist you protect your investment, if you wish to know about the fix wordpress malware protection plugin.
An easy way would be to use a few tools. To begin with, don't allow people run a web host security scan to list the files in your folders and automatically backup your web hosting account.
Yes, you need to do regular backups of your website. I recommend at least a weekly database backup and browse around this web-site a monthly "full" backup. More, if possible. Definitely more, if you make changes and additions to your website. If you have a community of people that are in there all the time, or make changes multiple times a day, a backup should be a minimum.
Can you view that folder what if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can't view what plugins you might have. Because if your version of WordPress is up to date, if you are using a plugin or an old plugin with a security hole, someone can use this to get access.
However, I recommend that you install the Login LockDown plugin in place of any.htaccess controls. From being permitted after three unsuccessful login attempts from a certain IP address for an hour, login requests will stop. If you do that, you can still access your admin panel while away from your office, and yet you still have protection against hackers.