Finally, repair hacked wordpress site will also inform you that there is no htaccess within the directory. You may place a.htaccess record into this directory if you would like, and you can use it to manage usage of this wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Also, don't make the mistake of believing that your hosting company will have your back as far as WordPress copies go. Not always. While they say they do, this page it has been my experience that the hosting company may or may not be doing proper backups. Take that kind of chance?
You should also place the"Anyone Can Register" in Settings/General to away, and you should have some sort of spam plugin. Akismet is the old standby, the one I use, but there are many of them these days.
You can extend the plugin features with premium plugins such as: Amazon S3 plugin, Members only plugin, DropShop etc.. So I think you can use it for free and this plugin is a fantastic choice.
Implementing all of the above will take less than an hour to finish, while creating your WordPress site more resistant to intrusions. Over 1 million WordPress websites were cracked last year, mainly due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.