You may well have heard all the buzz online about the attacks on WordPress security. Unfortunately this is no joke, and it needs to be taken very seriously, or all you've built could be hijacked or worse, lost to you.
Ultimately, fix wordpress malware plugin will inform you that there's no htaccess inside the directory. You may place a.htaccess record in to this directory if you want, and you can use it to manage usage of the wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the internet.
The approach, and the one I recommend, is to use one of the creation and storage plugins available on your browser. I believe after a free trial period, you need to pay for it, although RoboForm is liked by many people. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate passwords for you; you then use one master password to log in.
This is quite useful plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Can you see that folder, what if you go to WP-Content/plugins? If so, upload this blank Index.html file inside that folder as well so people can not view what plugins you have. Someone can use this to get access because even if your version of you could try these out WordPress is up to date, if you're using a plugin or an old plugin using a security hole.
There are always going to be risks being online (or even just being alive!) Also it's easy to get caught up in the panic. We put the breaks on, As soon as we get caught up in the panic. This isn't a response that is fantastic. Take some common sense precautions, then forge ahead. It will need to be dealt with then, if something does happen and no amount of quaking in your will have helped. All is good, if nothing does and you have not made yourself ill with worry.