Finally, secure your wordpress website will tell you that there's no htaccess in the wp-admin/ directory. You can put a.htaccess file into this directory if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do this are easily available on the internet.
This is fantastic news because it means that there's a strong community of developers and users that could enhance the platform. However, whenever there is a group of people trying to achieve something, there'll always be people who will try to take them down.
In case you ever want to migrate your site elsewhere, such as a new web host, you'd have the ability to pull this off without a hitch, and also without needing to disturb your old site until the new one was set up and ready to roll.
You could even get an SSL Encyption Security for your WordPress blogs. The SSL Security makes encrypted and secure communications with your blog. You may keep the all of the cookies and history of communication so that all transactions are recorded. Make sure all your sites get SSL security for protection.
However, I recommend that you set up the Login LockDown plugin as opposed to any.htaccess controls. That will stops login requests from being allowed from a for an hour or so after three failed login attempts. It is still possible to access your admin mobile while from internet your office, and yet you have good protection against hackers, if you accomplish that.