how to fix hacked wordpress will even tell you that there's not any htaccess in the wp-admin/ directory. You may put a.htaccess file within this directory if you desire, and you can use it to control access from IP address to the directory or address range. Details of how to do this are easily available on the net.
If you're among the ones that are proactive, I might find it somewhat harder to crack your password. But if you're among those ones that are responsive, I might get you.
Yes, you want to do regular backups of your website. I recommend at least a weekly database backup and a monthly "full" backup. More. Definitely more, if you make frequent additions and changes to your site. If you have a community of people that are in there all the time, or make changes multiple times a day, a daily backup should be a minimum.
Note that this step for new installations should try. You see this page have to change all of the table names inside the database if you might like to do it for installations.
However, I advise that you install the Login LockDown plugin instead of any.htaccess controls. Login requests will stop from being permitted after three unsuccessful login attempts from a specific IP address for an hour. You can access your panel while away from your office, and yet you still have great protection against hackers, if you do that.