fix wordpress malware attack will inform you that there's no htaccess within the directory. You may put a.htaccess record in to this directory if you would like, and you can use it to handle this wp-admin directory by Ip Address address or address range. Details of how you can do that are plentiful around the internet.
The more powerful approach, and the one I personally recommend, is to use one of the generation and storage plugins available on your browser. Lots of people like RoboForm, but I think after see this page a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those who use Internet Explorer or Firefox. That will generate secure passwords for you; you use one master password to log in.
A snap to move - If, for some reason, you want to relocate your site, such find as a domain name change or a new hosting company, getting your files at your fingertips can this save you oodles of time, headache, and the demand for tech help.
Install the WordPress Firewall Plugin. This plugin investigates web requests to recognize and stop obvious attacks.
Do not use wp_ as a prefix for your own databases. Most web hosting providers are removing that default but if yours does not, fix wp_ to anything else but that.