fix malware problems free will inform you that there's not any htaccess inside the directory. You may put a.htaccess record into this directory if you want, and you can use it to manage usage of the wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the net.
I protect an access to important files on the site's special info server by putting an index.html file in the particular directory, that hides the files out of public view.
This is very useful plugin, protecting you against brute-force password-crack strikes. It keeps track of the IP address of every login attempt. You can configure the plugin to disable login attempts when a certain number of attempts is reached.
Upgrade today, if you aren't currently running the latest version of WordPress. Leaving your site is similar to maintaining your door unlocked when you leave for vacation.
Implementing all the above will take less than an hour to finish, while making your WordPress site much more immune to intrusions. Sites were this past year, mainly due to preventable safety gaps. Have yourself prepared and you are likely to be on the safe side.